Microsoft Urges Windows Users To Run Patch For DogWalk Zero-Day Exploit

joshuark shares a report from Computerworld: Despite previously claiming the DogWalk vulnerability did not constitute a security issue, Microsoft has now released a patch to stop attackers from actively exploiting the vulnerability. [...] The vulnerability, known as CVE-2022-34713 or DogWalk, allows attackers to exploit a weakness in the Windows Microsoft Support Diagnostic Tool (MSDT). By using social engineering or phishing, attackers can trick users into visiting a fake website or opening a malicious document or file and ultimately gain remote code execution on compromised systems. DogWalk affects all Windows versions under support, including the latest client and server releases, Windows 11 and Windows Server 2022.

The vulnerability was first reported in January 2020 but at the time, Microsoft said it didn't consider the exploit to be a security issue. This is the second time in recent months that Microsoft has been forced to change its position on a known exploit, having initially rejected reports that another Windows MSDT zero-day, known as Follina, posed a security threat. A patch for that exploit was released in June's Patch Tuesday update.

Where is the news?

[Entrope]

Not news: Microsoft Windows contains zero-day vulnerability
Also not news: Microsoft's "fix" doesn't fix it.
Still would not be news: The follow-up fix is not complete, either.

Re:

[Opportunist]

Most of all, it ain't news because it's like 2 months old.

I found the root kit

[VeryFluffyBunny]

There's a root kit on a large number of computers that enables malware to infect them. I've removed it & it worked really well: https://www.wikihow.com/Uninst... [wikihow.com]

Re:

[AmiMoJo]

A bit less drastic is to just disable the Windows Microsoft Support Diagnostic Tool service. It doesn't do anything useful.

Re:

[VeryFluffyBunny]

You're just kicking the can down the road. It's better to just get to the root of the problem & be done with it.

Unpatchable

[Powercntrl]

By using social engineering or phishing, attackers can trick users into visiting a fake website or opening a malicious document or file and ultimately gain remote code execution on compromised systems.

By using social engineering, you could potentially get someone to go to Western Union and have them send you the contents of their bank account. There is no patch for human stupidity.

Re:

[Opportunist]

Well, there is... but it limits the availability of the human considerably.

Not that I'd consider this a bad things with many of them.

Re:

[Zeratul2k]

It usually comes in the shape of a clue-by-four...

use the workaround

[awwshit]

Part of the original advice was to remove the registry entries that Windows uses to know how to open MSDT files.

See Workarounds: https://msrc-blog.microsoft.co... [microsoft.com]

The workaround does not solve the problem but you won't be able to just click to open, you'll have to open a program then open file in it. Helps with ignorant users clicking on things.

Re:

[drinkypoo]

Looks like the patch does this (whatever else it might do) because I tried to delete the key after applying it and it wasn't there.

"Zero-Day"

[Ichijo]

Zero-day [wikipedia.org]? Microsoft knew about it in January 2020, about 2 years and 7 months ago, so that would make it a roughly 940-day exploit.

Or maybe they're using this revisionist, corporate-friendly definition [trendmicro.com] of "a vulnerability...that has been disclosed but is not yet patched."

Crap-OS remains Crap-OS...

[gweihir]

What else is new? MS should never have been trusted with anything.

It was pretty

[emmajmm]

It was pretty informative and detailed for me to read this article here. Anyway, talking about all these Windows servers, how to choose the best one? I have checked this source on https://www.turboftp.com/tbser... [turboftp.com] and many others but I still don't really understand what to choose right now.