10 August 2022

Microsoft fixes yet another MSDT zero-day exploited in the wild


Microsoft has rolled out its August 2022 Patch Tuesday security updates designed to fix over 100 security vulnerabilities in the Windows operating system and related software, including a zero-day flaw being actively exploited by hackers.

Tracked as CVE-2022-34713 (aka “DogWalk”), the zero-day in question is a buffer overflow issue, which exists due to a boundary error in the Microsoft Windows Support Diagnostic Tool (MSDT) when processing files. It allows a remote attacker to execute arbitrary code on the target system by tricking a victim into opening a malicious file.

The flaw affects all supported Windows versions, including Windows 11 and Windows Server 2022.

Notably, Microsoft had been aware of the DogWalk vulnerability for nearly two years. When it was disclosed in January 2020, the tech giant said it would not release a patch as it wasn't a security issue. However, the Microsoft Support Diagnostics Tool issue has recently been rediscovered and once again brought to public attention, prompting Microsoft to release a fix at last.

In addition to DogWalk, Microsoft addressed a Microsoft Exchange Information Disclosure Vulnerability (CVE-2022-30134), which has been publicly exposed but hasn’t been observed being exploited by threat actors.

August 2022 Patch Tuesday also fixes a number of high-risk vulnerabilities impacting Microsoft Windows Support Diagnostic Tool (MSDT), Microsoft Excel, Windows Network File System, Windows Kerberos, Visual Studio, Windows Point-to-Point Protocol (PPP), and other software products.
