{"id":19813,"date":"2022-08-10T08:30:03","date_gmt":"2022-08-10T16:30:03","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/08\/10\/news-13546\/"},"modified":"2022-08-10T08:30:03","modified_gmt":"2022-08-10T16:30:03","slug":"news-13546","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/08\/10\/news-13546\/","title":{"rendered":"Microsoft urges Windows users to run patch for DogWalk zero-day exploit"},"content":{"rendered":"

<\/p>\n

Credit to Author: Charlotte Trueman| Date: Wed, 10 Aug 2022 07:37:00 -0700<\/strong><\/p>\n

Microsoft has confirmed that a high-severity, zero-day<\/a> security vulnerability is actively being exploited by threat actors and is advising all Windows and Windows Server users to apply its latest monthly Patch Tuesday<\/a> update as soon as possible.<\/p>\n

The vulnerability, known as CVE-2022-34713 or DogWalk, allows attackers to exploit a weakness in the Windows Microsoft Support Diagnostic Tool (MSDT). By using social engineering or phishing, attackers can trick users into visiting a fake website or opening a malicious document or file and ultimately gain remote code execution on compromised systems.<\/p>\n

DogWalk affects all Windows versions under support, including the latest client and server releases, Windows 11 and Windows Server 2022.<\/p>\n

The vulnerability was first reported in January 2020 but at the time, Microsoft said it didn\u2019t consider the exploit to be a security issue. This is the second time in recent months that Microsoft has been forced to change its position on a known exploit, having initially rejected reports that another Windows MSDT zero-day, known as Follina<\/a>, posed a security threat. A patch for that exploit was released in June\u2019s Patch Tuesday<\/a> update.<\/p>\n

Charl van der Walt, head of security research at Orange Cyberdefense, said that although Microsoft could perhaps be criticised for failing to consider how frequently and easily files with apparently innocent extensions are used to deliver malicious payloads, also noted that with several thousand vulnerabilities reported each year, it\u2019s to be expected that Microsoft\u2019s risk-based triage approach to assessing vulnerabilities won\u2019t be infallible.<\/p>\n

\u201cIf everything is urgent, then nothing is urgent,\u201d he said. \u201cThe security community has long stopped believing vulnerabilities and threats will be eradicated any time soon, so the challenge now becomes the development of a kind of agility that can perceive changes in the threat landscape and adapt accordingly.\u201d<\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Charlotte Trueman| Date: Wed, 10 Aug 2022 07:37:00 -0700<\/strong><\/p>\n

\n
\n

Microsoft has confirmed that a high-severity, zero-day<\/a> security vulnerability is actively being exploited by threat actors and is advising all Windows and Windows Server users to apply its latest monthly Patch Tuesday<\/a> update as soon as possible.<\/p>\n

The vulnerability, known as CVE-2022-34713 or DogWalk, allows attackers to exploit a weakness in the Windows Microsoft Support Diagnostic Tool (MSDT). By using social engineering or phishing, attackers can trick users into visiting a fake website or opening a malicious document or file and ultimately gain remote code execution on compromised systems.<\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[714,24580,10525],"class_list":["post-19813","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-security","tag-small-and-medium-business","tag-windows"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19813","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=19813"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19813\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=19813"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=19813"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=19813"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}