1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Microsoft finally patches nasty Windows security hole, two years

    From TechnologyDaily@1337:1/100 to All on Wed Aug 10 23:00:04 2022
    Microsoft finally patches nasty Windows security hole, two years later

    Date:
    Wed, 10 Aug 2022 21:41:29 +0000

    Description:
    Two years after first being discovered, DogWalk Windows flaw finally gets patched in latest Microsoft Patch Tuesday.

    FULL STORY ======================================================================

    DogWalk, a security flaw in Windows first discovered in January 2020, has finally been addressed, the company has confirmed.

    The remote code execution flaw, existing due to a path traversal weakness in the Windows Support Diagnostic Tool (MSDT), is being patched as part of the August 2022 Patch Tuesday, Microsoft has said.

    The flaw is tracked as CVE-2022-34713, and if abused, can give attackers the ability to run any code on a target endpoint. It was first discovered by a researcher called Imre Rad more than two years ago, but back then, Microsoft said it wasnt really a security vulnerability, and as such, it wont be fixed. Fast forward to today, and the flaw has been put back into the spotlight by a different researcher, going by the name j00sean. Abusing DogWalk on Windows
    11

    To exploit DogWalk, the attacker needs to add a malicious executable to the Windows Startup. That way, once the system is restarted, malware gets downloaded and run. It can be used in low-complexity attacks, but with a caveat - the victim needs to interact with the system (they need to download the malware or run it themselves).

    "In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to
    open the file," Microsoft said. "In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to
    exploit the vulnerability." Read more

    Windows Follina zero-day now being abused to infect PCs with Qbot malware


    Microsoft patches Follina threat in latest Patch Tuesday release



    These are the best secure email providers right now

    DogWalk can be abused on all supported versions of Windows, Microsoft confirmed, including the latest variants - Windows 11, and Windows Server 2022.

    This months Patch Tuesday also addresses CVE-2022-30134, a zero-day vulnerability affecting Microsoft Exchange Information Disclosure, which allows threat actors to read targeted email messages. In total, 112 flaws
    were addressed, including 17 deemed critical. These are the best endpoint protection services right now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/microsoft-finally-patches-nasty-windows-securit y-hole-two-years-later/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)