Security News > 2022 > June > Two-year-old Windows DIAGCAB zero-day gets unofficial patches
Free unofficial patches for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool have been released today through the 0patch platform.
Diagcab files are downloaded from the Internet and include a Mark-of-the-Web, Windows ignores it for this file type and allows the file to be opened without a warning.
MOTW properties are used by web browsers and Windows to determine if a file should be treated with suspicion, and, ignoring it, could lead to more users opening the downloaded file.
This vulnerability affects all Windows versions, starting with the latest releases and going back to Windows 7 and Server 2008.
To install these patches on your Windows system, you will need to register a 0patch account and install the 0patch agent.
You can see 0patch's Windows micropatches in action in the video demo embedded below.
News URL
Related news
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- New Windows Themes zero-day gets free, unofficial patches (source)
- Windows Themes zero-day bug exposes users to NTLM credential theft (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) (source)
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)