• Tech News
  • Fintech
  • Startup
  • Games
  • Ar & Vr
  • Reviews
  • How To
  • More
    • Mobile Tech
    • Pc & Laptop
    • Security
What's Hot

Ninja Artisan electric outdoor pizza oven and air fryer review: Easy as pie

July 4, 2025

Apple Mulled Entering the Cloud Wars With an AWS Competitor

July 4, 2025

Apple Will Make Joining Public Wi-Fi Networks Easier in iOS 26

July 3, 2025
Facebook Twitter Instagram
  • Contact
  • Privacy Policy
  • Terms & Conditions
Facebook Twitter Instagram Pinterest VKontakte
Behind The ScreenBehind The Screen
  • Tech News
  • Fintech
  • Startup
  • Games
  • Ar & Vr
  • Reviews
  • How To
  • More
    • Mobile Tech
    • Pc & Laptop
    • Security
Behind The ScreenBehind The Screen
Home»Tech News»Microsoft fixes two-year-old MSDT vulnerability in August update
Tech News

Microsoft fixes two-year-old MSDT vulnerability in August update

August 13, 2022No Comments3 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Microsoft fixes two-year-old MSDT vulnerability in August update
Share
Facebook Twitter LinkedIn Pinterest Email

Two-and-a-half years after a safety researcher publicly disclosed the existence of a distant code execution (RCE) zero-day vulnerability within the Microsoft Home windows Help Diagnostic Software (MSDT), dubbed DogWalk, Microsoft has lastly issued a repair for the issue after a brand new variant emerged, having beforehand not finished so on the idea that it didn’t meet the proper standards.

Tracked as CVE-2022-34713, profitable exploitation requires the sufferer to be satisfied to open a specifically crafted file, which will be delivered both by way of electronic mail or an attacker-controlled or compromised web site. As such, it’s rated merely vital versus important.

That is the second main MSDT vulnerability to have been fastened by Microsoft prior to now few months, following the disclosure of the harmful Follina zero-day on the finish of Might, which was patched in June.

“With reviews that CVE-2022-34713 has been exploited within the wild, it could seem that attackers wish to reap the benefits of flaws inside MSDT as a lot of these flaws are extraordinarily worthwhile to launch spear phishing assaults,” stated Tenable senior employees analysis engineer Satnam Narang.

“A wide range of menace actors leverage spear phishing, from superior persistent menace (APT) teams to ransomware associates,” he stated. “For attackers, bugs that may be executed by way of malicious paperwork stay a worthwhile software, so flaws like Follina and CVE-2022-34713 will proceed for use for months. Due to this fact, it is important that organisations apply the out there patches as quickly as doable.”

Qualys director of vulnerability and menace analysis Bharat Jogi added: “The DogWalk zero-day vulnerability just isn’t new to the trade. It was initially reported again in 2019, however not deemed a vulnerability because it was believed to require vital person interplay to take advantage of, and there have been varied different mitigations in place.

See also  Apple says fix for fix is coming after security update accidentally breaks web for some

“Nevertheless, as we see in the present day’s unhealthy actors rising extra subtle and inventive of their exploits, a latest zeroday that leveraged the ms:msdt protocol URI scheme (Follina) pressured MSFT to rethink DogWalk as a vulnerability,” he stated. “Follina has been not too long ago utilized by menace actors – for instance, Chinese language APT TA413 – in phishing campaigns which have focused native US and European authorities personnel, in addition to a significant Australian telecommunications supplier. Profitable exploitation of this vulnerability permits an attacker to deploy malware and achieve foothold on a system.”

The August replace fixes a larger-than-average complete of 121 vulnerabilities, 17 of them classed as important – possible partly because of disclosures and proof-of-concept exploits to be proven off at Black Hat USA and the upcoming DEF CON hacker occasion.

Of the important vulnerabilities, two of essentially the most extreme look like CVE-2022-30133 and CVE-2022-35744, each of that are RCE vulnerabilities affecting Home windows Level-to-Level Protocol, and each of which carry CVSS scores of 9.8, though neither has been made public or exploited. A full breakdown of this month’s important vulnerabilities is accessible from the Zero Day Initiative.

Additionally notably noteworthy is a publicly disclosed however not-yet-exploited data disclosure vulnerability affecting Trade Server, tracked as CVE-2022-30134. Greg Wiseman, lead product supervisor at Rapid7, defined its significance:

“On this case, merely patching just isn’t ample to guard in opposition to attackers having the ability to learn focused electronic mail messages,” he stated. “Directors ought to allow Prolonged Safety with the intention to absolutely remediate this vulnerability, in addition to the 5 different vulnerabilities affecting Trade this month. Particulars about easy methods to accomplish this can be found by way of the Trade Weblog.”

See also  Microsoft to roll out grid-interactive UPS tech to its Dublin datacentre

Source link

August fixes Microsoft MSDT twoyearold Update Vulnerability
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

iOS 26’s Ringtone Update Is the Customization Win We Needed

June 20, 2025

Apple’s Parental Controls Just Got an Update, but Is It Enough?

May 15, 2025

Update Your Apple Home Before iOS 19 Arrives

May 14, 2025

iOS 18.5 Brings First Security Update for Apple’s C1 Modem

May 14, 2025
Add A Comment

Comments are closed.

Editors Picks

The Justice Department is considering an antitrust case against Apple

August 26, 2022

How to Check If Your iPhone Is Still Covered under AppleCare+

August 15, 2023

Southeast Asian countries prep QR code payment interoperability

July 20, 2022

Why is it so hard to fix the chip crisis?

July 2, 2022

Subscribe to Updates

Get the latest news and Updates from Behind The Scene about Tech, Startup and more.

Top Post

Ninja Artisan electric outdoor pizza oven and air fryer review: Easy as pie

Apple Mulled Entering the Cloud Wars With an AWS Competitor

Apple Will Make Joining Public Wi-Fi Networks Easier in iOS 26

Behind The Screen
Facebook Twitter Instagram Pinterest Vimeo YouTube
  • Contact
  • Privacy Policy
  • Terms & Conditions
© 2025 behindthescreen.fr - All rights reserved.

Type above and press Enter to search. Press Esc to cancel.