Security News > 2022 > August > Microsoft patches Windows DogWalk zero-day exploited in attacks
Microsoft has released security updates to address a high severity Windows zero-day vulnerability with publicly available exploit code and abused in attacks.
DogWalk was publicly disclosed by security researcher Imre Rad more than two years ago, in January 2020, after Microsoft replied to his report saying it won't provide a fix because this isn't a security issue.
"In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file," Microsoft explains in today's advisory.
According to Microsoft, DogWalk affects all Windows versions under support, including the latest client and server releases, Windows 11 and Windows Server 2022.
Last month, Microsoft was forced to publish an official security advisory regarding another Windows MSDT zero-day after rejecting an initial report and tagging it as not a "Security-related issue."
Today, the company also released security updates to address a publicly disclosed zero-day tracked as 'CVE-2022-30134 - Microsoft Exchange Information Disclosure Vulnerability,' allowing attackers to read targeted email messages.
News URL
Related news
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) (source)
- Microsoft replacing Remote Desktop app with Windows App in May (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days (source)
- Microsoft: Recent Windows updates make USB printers print random text (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-09 | CVE-2022-30134 | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Information Disclosure Vulnerability | 0.0 |