Security News > 2022 > June > Two-year-old Windows DIAGCAB zero-day gets unofficial patches
Free unofficial patches for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool have been released today through the 0patch platform.
Diagcab files are downloaded from the Internet and include a Mark-of-the-Web, Windows ignores it for this file type and allows the file to be opened without a warning.
MOTW properties are used by web browsers and Windows to determine if a file should be treated with suspicion, and, ignoring it, could lead to more users opening the downloaded file.
This vulnerability affects all Windows versions, starting with the latest releases and going back to Windows 7 and Server 2008.
To install these patches on your Windows system, you will need to register a 0patch account and install the 0patch agent.
You can see 0patch's Windows micropatches in action in the video demo embedded below.
News URL
Related news
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017 (source)
- New Windows zero-day exploited by 11 state hacking groups since 2017 (source)
- APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- New Windows zero-day leaks NTLM hashes, gets unofficial patch (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)