Microsoft, CISA Warn of Actively Exploited ‘DogWalk’ Windows Bug

Total times read this article : 12

Microsoft has warned its customers that a vulnerability known as DogWalk, which affects every recent version of Windows and Windows Server, is being actively exploited by attackers.

DogWalk (CVE-2022-34713) is a high severity vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT(Opens in a new window)) that can be exploited to enable remote code execution on vulnerable devices, the company says in a Microsoft Security Response Center (MSRC) update(Opens in a new window).

There are many such devices; DogWalk affects Windows 7, 8.1, 10, and 11 as well as several versions of Windows Server, Microsoft says in the MSRC update. More than 1.4 billion devices currently run Windows 10 or 11 alone, the company says on its website(Opens in a new window).

Microsoft does reassure Windows users that “exploitation of the vulnerability requires that a user open a specially crafted file,” which means attackers can’t just force their way onto a vulnerable system, but it’s not particularly hard to get someone to open a malicious file.

“In an email attack scenario,” Microsoft says, “an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.” Or they could upload the malicious file to a website and just wait for someone to download it.

This update has prompted(Opens in a new window) the US Cybersecurity and Infrastructure Security Agency (CISA) to add CVE-2022-34713 to its Known Exploited Vulnerabilities catalog. That means federal agencies have until Aug. 30 to patch their systems against the vulnerability.

Recommended by Our Editors

That might not seem like a long time, especially since Microsoft released the Windows and Windows Servers patches related to DogWalk on Aug. 9 as part of Patch Tuesday. But attackers have known about this flaw in MSDT for at least 2.5 years at this point.

BleepingComputer reports(Opens in a new window) that DogWalk was initially disclosed by a security researcher named Imre Rad in January 2020. Microsoft initially dismissed the report, Rad says(Opens in a new window), but now it’s finally released a fix and confirmed that attackers have exploited the flaw.

SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.”,”first_published_at”:”2021-09-30T21:22:09.000000Z”,”published_at”:”2022-03-24T14:57:33.000000Z”,”last_published_at”:”2022-03-24T14:57:28.000000Z”,”created_at”:null,”updated_at”:”2022-03-24T14:57:33.000000Z”})” x-show=”showEmailSignUp()” class=”rounded bg-gray-lightest text-center md:px-32 md:py-8 p-4 mt-8 container-xs” readability=”31.423799582463″>

Like What You’re Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

Facebook Comments Box

Hits: 0

RELATED ARTICLESMORE FROM AUTHOR