Microsoft patches Windows DogWalk zero-day exploited in attacks
Microsoft has released security updates to address a high-severity Windows zero-day vulnerability that has publicly available exploit code and has been abused in attacks.
DogWalk was publicly disclosed by security researcher Imre Rad more than two years ago, in January 2020, after Microsoft replied to his report saying it would not provide a fix because it did not consider this a security issue.
"In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file," Microsoft explains in today's advisory.
According to Microsoft, DogWalk affects all Windows versions under support, including the latest client and server releases, Windows 11 and Windows Server 2022.
Last month, Microsoft was forced to publish an official security advisory regarding another Windows MSDT zero-day after rejecting an initial report and tagging it as not a "Security-related issue."
Today, the company also released security updates to address a publicly disclosed zero-day tracked as 'CVE-2022-30134 - Microsoft Exchange Information Disclosure Vulnerability,' allowing attackers to read targeted email messages.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-09 | CVE-2022-30134 | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Information Disclosure Vulnerability | 6.5 |