Microsoft has rolled out its August 2022 Patch Tuesday security updates designed to fix over 100 security vulnerabilities in the Windows operating system and related software, including a zero-day flaw being actively exploited by hackers.
Tracked as CVE-2022-34713 (aka “DogWalk”), the zero-day in question is a buffer overflow issue, which exists due to a boundary error in the Windows Support Diagnostic Tool (MSDT) when processing files. It allows a remote attacker to execute arbitrary code on the target system by tricking a victim into opening a malicious file.
The flaw affects all supported Windows versions, including Windows 11 and Windows Server 2022.
Notably, Microsoft had been aware of the DogWalk vulnerability for nearly two years: when it was disclosed in January 2020, the tech giant said it would not release a patch as it wasn't a security issue. However, the Microsoft Support Diagnostics Tool issue was recently rediscovered and once again brought to public attention, prompting Microsoft to release a fix at last.
In addition to DogWalk, Microsoft addressed a Microsoft Exchange Information Disclosure Vulnerability (CVE-2022-30134), which has been publicly exposed but hasn’t been observed being exploited by threat actors.
August 2022 Patch Tuesday also fixes a number of high-risk vulnerabilities impacting Microsoft Windows Support Diagnostic Tool (MSDT), Microsoft Excel, Windows Network File System, Windows Kerberos, Visual Studio, Windows Point-to-Point Protocol (PPP), and other software products.