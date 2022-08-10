



Microsoft Confirms Zero-Day Attack, Recommends All Windows Users To Update

SOPA Image/LightRocket via Getty Images

With the arrival of monthly “Patch Tuesday” security updates for Windows users, Microsoft has confirmed that one zero-day security vulnerability has already been exploited.

All Windows and Windows Server users are encouraged to update as soon as possible after Microsoft confirms that CVE-2022-34713 (aka DogWalk) is being actively exploited by attackers.

What is the DogWalk Vulnerability?

A high impact remote code execution vulnerability exists in Windows Support Diagnostic Tool (MSDT) that could lead to system compromise. This isn’t the first time MSDT has been targeted by cybercriminals, nor is it the first time we’ve encountered DogWalk. As we first reported on June 8th, “I think it’s only a matter of time before the DogWalk exploit is actually reported.” The time has come.

Amazingly, this vulnerability was first disclosed in January 2020. Microsoft reportedly did not consider this a security issue at the time.

An attacker could exploit this vulnerability using social engineering or phishing tactics to trick a user into opening a malicious document or file or visiting a compromised website.

CISA Issues Mandatory Renewal Alerts to U.S. Federal Agencies

Worryingly, this vulnerability affects all users of all currently supported versions of Windows and Windows Server. The US Cybersecurity and Infrastructure Security Agency (CISA) has added DogWalk to its list of known exploited vulnerabilities and ordered federal agencies to patch it by the end of the month.

I encourage all users to do the same more quickly by applying the Patch Tuesday update as soon as possible.

DogWalk is the only zero-day vulnerability patched, but the update covers a total of 121 vulnerabilities, 17 of which are rated Important.

Dustin Childs of Trend Micro’s Zero Day Initiative said: Year. “

A complete list of Windows security updates for August can be found in the update guide published by the Microsoft Security Response Center.

