Microsoft Patches ‘Dogwalk’ Zero-Day and 17 Critical Flaws
Microsoft is urging users to patch a zero-day vulnerability dubbed Dogwalk that is actively being exploited in the wild.
The actively exploited Dogwalk bug was first reported to Microsoft in January 2020 by researcher Imre Rad. However, it wasn't until separate researchers began tracking the exploitation of a flaw dubbed Follina that the Dogwalk bug was rediscovered.
Microsoft has released a separate alert page to help mitigate this flaw.
Back in the Patch Tuesday spotlight is a critical flaw in Microsoft's Server Message Block client and server running on Windows 11 systems using Microsoft SMB 3.1.1, according to the company.
Interestingly, Microsoft describes the flaw as Important, while researchers warn the bug is Critical and should be a priority patch.
"To exploit this, a remote, unauthenticated attacker would need to make a specially crafted call to an affected NFS server. This would provide the threat actor with code execution at elevated privileges. Microsoft lists this as Important severity, but if you're using NFS, I would treat it as Critical. Definitely test and deploy this fix quickly," advises Zero Day Initiative.
News URL
https://threatpost.com/microsoft-patches-dogwalk-zero-day-and-17-critical-flaws/180378/