Microsoft fixes two-year-old MSDT vulnerability in August update

August 14, 2022

Two-and-a-half years after a security researcher publicly disclosed a remote code execution (RCE) zero-day vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT), dubbed DogWalk, Microsoft has finally issued a fix after a new variant emerged. It had previously declined to do so on the basis that the issue did not meet the right criteria.

Tracked as CVE-2022-34713, successful exploitation requires the victim to be convinced to open a specially crafted file, which can be delivered either via email or an attacker-controlled or compromised website. As such, it is rated merely important as opposed to critical.

This is the second major MSDT vulnerability to have been fixed by Microsoft in the past few months, following the disclosure of the dangerous Follina zero-day at the end of May, which was patched in June.

“With reports that CVE-2022-34713 has been exploited in the wild, it would appear that attackers are looking to take advantage of flaws within MSDT as these types of flaws are extremely valuable to launch spear phishing attacks,” said Tenable senior staff research engineer Satnam Narang.

“A variety of threat actors leverage spear phishing, from advanced persistent threat (APT) groups to ransomware affiliates,” he said. “For attackers, bugs that can be executed via malicious documents remain a valuable tool, so flaws like Follina and CVE-2022-34713 will continue to be used for months. Therefore, it is vital that organisations apply the available patches as soon as possible.”

Qualys director of vulnerability and threat research Bharat Jogi added: “The DogWalk zero-day vulnerability is not new to the industry. It was initially reported back in 2019, but not deemed a vulnerability as it was believed to require significant user interaction to exploit, and there were various other mitigations in place.

“However, as we see today’s bad actors growing more sophisticated and creative in their exploits, a recent zero-day that leveraged the ms:msdt protocol URI scheme (Follina) forced MSFT to reconsider DogWalk as a vulnerability,” he said. “Follina has been recently used by threat actors – for example, Chinese APT TA413 – in phishing campaigns that have targeted local US and European government personnel, as well as a major Australian telecommunications provider. Successful exploitation of this vulnerability allows an attacker to deploy malware and gain foothold on a system.”

The August update fixes a larger-than-average total of 121 vulnerabilities, 17 of them classed as critical – likely in part due to disclosures and proof-of-concept exploits to be shown off at Black Hat USA and the upcoming DEF CON hacker event.

Of the critical vulnerabilities, two of the most severe appear to be CVE-2022-30133 and CVE-2022-35744, both of which are RCE vulnerabilities affecting Windows Point-to-Point Protocol, and both of which carry CVSS scores of 9.8, although neither has been made public or exploited. A full breakdown of this month’s critical vulnerabilities is available from the Zero Day Initiative.

Also particularly noteworthy is a publicly disclosed but not-yet-exploited information disclosure vulnerability affecting Exchange Server, tracked as CVE-2022-30134. Greg Wiseman, lead product manager at Rapid7, explained its significance:

“In this case, simply patching is not sufficient to protect against attackers being able to read targeted email messages,” he said. “Administrators should enable Extended Protection in order to fully remediate this vulnerability, as well as the five other vulnerabilities affecting Exchange this month. Details about how to accomplish this are available via the Exchange Blog.”
