Security News > 2022 > August > Microsoft Patches ‘Dogwalk’ Zero-Day and 17 Critical Flaws

Microsoft is urging users to patch a zero-day vulnerability dubbed Dogwalk that is actively being exploited in the wild.
The actively exploited Dogwalk bug was first reported to Microsoft in January 2020 by researcher Imre Rad. However, it wasn't until a separate researchers began tracking the exploitation of a flaw dubbed Follina that the Dogwalk bug was rediscovered.
Microsoft has released a separate alert page for this flaw to help mitigate the flaws.
Back in the Patch Tuesday spotlight is a critical flaw in Microsoft's Server Message Block client and server running on Windows 11 systems using Microsoft SMB 3.1.1, according to the company.
Interestingly, Microsoft describes the flaw as Important, while researchers warn the bug is Critical and should be a priority patch.
"To exploit this, a remote, unauthenticated attacker would need to make a specially crafted call to an affected NFS server. This would provide the threat actor with code execution at elevated privileges. Microsoft lists this as Important severity, but if you're using NFS, I would treat it as Critical. Definitely test and deploy this fix quickly," advises Zero Day Initiative.
News URL
https://threatpost.com/microsoft-patches-dogwalk-zero-day-and-17-critical-flaws/180378/
Related news
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)