Security News > 2022 > June > Researchers Warn of Unpatched "DogWalk" Microsoft Windows Vulnerability
An unofficial security patch has been made available for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool, even as the Follina flaw continues to be exploited in the wild.
The issue - referenced as DogWalk - relates to a path traversal flaw that can be exploited to stash a malicious executable file to the Windows Startup folder when a potential target opens a specially crafted ".
Diagcab" archive file that contains a diagnostics configuration file.
The vulnerability affects all Windows versions, starting from Windows 7 and Server Server 2008 to the latest releases.
"Outlook is not the only delivery vehicle: such file is cheerfully downloaded by all major browsers including Microsoft Edge by simply visiting(!) a website, and it only takes a single click in the browser's downloads list to have it opened," Kolsek said.
"Archive contains an IMG with a Word doc, shortcut file, and DLL. The LNK will execute the DLL to start QBot. The doc will load and execute a HTML file containing PowerShell abusing CVE-2022-30190 used to download and execute Qbot.".
News URL
https://thehackernews.com/2022/06/researchers-warn-of-unpatched-dogwalk.html
Related news
- Microsoft pulls WinAppSDK update breaking Windows 10 app uninstalls (source)
- Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs (source)
- Microsoft testing Windows 11 support for third-party passkeys (source)
- Microsoft asks Windows Insiders to try out the controversial Recall feature (source)
- Microsoft blocks Windows 11 24H2 on some PCs with USB scanners (source)
- Security? We've heard of it: How Microsoft plans to better defend Windows (source)
- Microsoft says premature patch could make Windows Recall forget how to work (source)
- Microsoft says having a TPM is "non-negotiable" for Windows 11 (source)
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (source)
- Microsoft lifts Windows 11 24H2 block on PCs with USB scanners (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-01 | CVE-2022-30190 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Microsoft products A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. | 0.0 |