Two-year-old Windows DIAGCAB zero-day gets unofficial patches

Free unofficial patches for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool have been released today through the 0patch platform.
Although diagcab files downloaded from the Internet include a Mark-of-the-Web (MOTW), Windows ignores it for this file type and allows the file to be opened without a warning.
MOTW properties are used by web browsers and Windows to determine whether a file should be treated with suspicion, and ignoring them could lead to more users opening the downloaded file.
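Because Windows does not warn on this file type, a defender may want to find marked diagcab files on their own. The following is an added example, not code from the article or from 0patch: it parses the `Zone.Identifier` alternate data stream in which NTFS stores the MOTW and flags `.diagcab` files marked as coming from the Internet or Restricted zone. The function names, paths and stream contents in the sample are constructed for illustration.

```python
import configparser
from pathlib import PureWindowsPath

# Zone IDs Windows records in the Zone.Identifier alternate data stream.
ZONES = {0: "Local", 1: "Intranet", 2: "Trusted", 3: "Internet", 4: "Restricted"}

def parse_zone_identifier(text):
    """Return the ZoneId from Zone.Identifier content, or None if absent/malformed."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(text.lstrip("\ufeff"))  # tolerate a leading BOM
        return cp.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None

def read_motw(path):
    """Read a file's MOTW stream on NTFS; None if it has none (or not on Windows)."""
    try:
        with open(str(path) + ":Zone.Identifier", "r",
                  encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None

def flag_diagcab(files):
    """files: iterable of (path, stream_text_or_None).
    Return (path, zone_name) for diagcab files marked Internet or Restricted."""
    hits = []
    for path, stream in files:
        if PureWindowsPath(path).suffix.lower() != ".diagcab":
            continue
        zone = parse_zone_identifier(stream) if stream else None
        if zone is not None and zone >= 3:
            hits.append((path, ZONES.get(zone, str(zone))))
    return hits

# Constructed sample data (hypothetical paths and stream contents).
SAMPLE = [
    (r"C:\Users\alice\Downloads\fix.diagcab",
     "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.invalid/fix.diagcab\r\n"),
    (r"C:\Users\alice\Downloads\local.diagcab", None),
    (r"C:\Users\alice\Downloads\report.pdf", "[ZoneTransfer]\r\nZoneId=3\r\n"),
    (r"C:\Tools\intranet.DIAGCAB", "[ZoneTransfer]\nZoneId=1\n"),
]

if __name__ == "__main__":
    for path, zone in flag_diagcab(SAMPLE):
        print(f"{path}: MOTW zone {zone}")
```

On a live Windows host, pair each path from a directory walk with `read_motw(path)` and pass the pairs to `flag_diagcab`.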
This vulnerability affects all Windows versions, starting with the latest releases and going back to Windows 7 and Server 2008.
To install these patches on your Windows system, you will need to register a 0patch account and install the 0patch agent.