Security News > 2022 > August > Microsoft Patches ‘Dogwalk’ Zero-Day and 17 Critical Flaws

Microsoft is urging users to patch a zero-day vulnerability dubbed Dogwalk that is actively being exploited in the wild.

The actively exploited Dogwalk bug was first reported to Microsoft in January 2020 by researcher Imre Rad. However, it wasn't until a separate researchers began tracking the exploitation of a flaw dubbed Follina that the Dogwalk bug was rediscovered.

Microsoft has released a separate alert page for this flaw to help mitigate the flaws.

Back in the Patch Tuesday spotlight is a critical flaw in Microsoft's Server Message Block client and server running on Windows 11 systems using Microsoft SMB 3.1.1, according to the company.

Interestingly, Microsoft describes the flaw as Important, while researchers warn the bug is Critical and should be a priority patch.

"To exploit this, a remote, unauthenticated attacker would need to make a specially crafted call to an affected NFS server. This would provide the threat actor with code execution at elevated privileges. Microsoft lists this as Important severity, but if you're using NFS, I would treat it as Critical. Definitely test and deploy this fix quickly," advises Zero Day Initiative.

News URL

https://threatpost.com/microsoft-patches-dogwalk-zero-day-and-17-critical-flaws/180378/