Data Recovery Digest


Microsoft Issues Patch for DogWalk Exploit

While security exploits, vulnerabilities, and flaws are nothing new for Windows users, the development team at Microsoft has finally issued a patch for the DogWalk vulnerability. Although it was first discovered in 2019, Microsoft was hesitant to label it a specific vulnerability. However, this changed in August 2022, when the team finally acknowledged the threat and, ultimately, issued a patch.

What is the DogWalk Vulnerability?

Officially known as CVE-2022-34713, the DogWalk flaw is a zero-day remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool, or MSDT. Once it has been successfully exploited, the attacker is free to execute code on the computer in question.

The Process

Like many other forms of malicious software, or malware, this exploit requires the user to download and install a diagnostic tool file with the .diagcab extension. It’s delivered via email or online via malicious websites, so cautious users will find it easy to avoid.

Those who have opened the file, however, will see the exploit take over their system the next time they restart their computer. A variety of things can happen at that point, but they typically involve downloading additional pieces of malware and further corrupting the user’s hard drive.
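A defender-side illustration of the e-mail delivery path described above, added here and not part of the original article: a Python check that flags attachments carrying the .diagcab extension so a mail filter can quarantine them. The sample message, addresses and file names are constructed, and the function names are hypothetical.

```python
import email
from email import policy
from email.message import EmailMessage

BLOCKED_EXT = ".diagcab"   # extension named in the article
CAB_MAGIC = b"MSCF"        # Microsoft cabinet signature; .diagcab files are cabinets

def find_diagcab_attachments(raw_message: bytes):
    """Return (filename, has_cabinet_signature) for every .diagcab attachment."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and multipart containers have no file name
        # Compare case-insensitively; Windows also drops trailing dots and
        # spaces from file names, so strip them before checking the extension.
        normalized = name.strip().rstrip(". ").lower()
        if normalized.endswith(BLOCKED_EXT):
            payload = part.get_payload(decode=True) or b""
            hits.append((name, payload.startswith(CAB_MAGIC)))
    return hits

def build_sample(filename="Fix-Printer.DiagCab",
                 payload=CAB_MAGIC + b"\x00" * 32) -> bytes:
    """Constructed test message: one text attachment plus one binary attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Support tool"
    m.set_content("Please run the attached tool.")
    m.add_attachment("meeting notes", filename="notes.txt")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for name, is_cab in find_diagcab_attachments(build_sample()):
        print(f"quarantine: {name} (cabinet signature: {is_cab})")
```

The second value in each result tells the filter whether the attachment really is a cabinet file or only carries the extension.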

Who is Affected?

According to the team at Microsoft, the DogWalk vulnerability affects all versions of Windows that are currently still supported. This includes Windows 10, Windows 11, Windows Server 2022, and the most recent client and server versions. With more than one billion devices running Windows 10 or Windows 11, the number of potential victims is staggering.

Thankfully, the DogWalk vulnerability was officially patched within the August 2022 Patch, which addressed no fewer than 112 vulnerabilities in all. Of these flaws, 17 were listed as critical because they enable the execution of remote code or privilege escalation.

While these patches are normal, this is the second-largest patch released in 2022, and it’s nearly triple the size of the August 2021 patch. Nonetheless, users of Microsoft Windows are that much safer as a result.

Is it Too Little, Too Late?

But some see the latest patch and, in particular, the patching of the DogWalk vulnerability, as coming far too late. For starters, it took two years for the development team at Windows to fix the issue. Even when you consider the initial dismissal of the issue, it still took months for them to finally address the flaw.

Given the popularity and prevalence of Microsoft software, serious issues like this need to be identified, addressed, and patched sooner rather than later. Even the U.S. Cybersecurity and Infrastructure Security Agency, or CISA, has patched their systems to protect against the DogWalk vulnerability. They’ve also added the vulnerability to the list of Known Exploited Vulnerabilities.

While it’s great to see the DogWalk vulnerability finally receive a patch, there will undoubtedly be even more bugs, flaws, and vulnerabilities in the future. Will the team at Microsoft ramp up their efforts toward cybersecurity, or will they continue to lag behind?
