• Tech News
  • Fintech
  • Startup
  • Games
  • Ar & Vr
  • Reviews
  • How To
  • More
    • Mobile Tech
    • Pc & Laptop
    • Security
What's Hot

Oppo Find N5 review: Stellar foldable has one big problem

July 30, 2025

The Naked Gun review: Charged with man’s laughter

July 30, 2025

Samsung Galaxy Tab S10 FE+ review: A Galaxy Tab S10+ for less?

July 30, 2025
Facebook Twitter Instagram
  • Contact
  • Privacy Policy
  • Terms & Conditions
Facebook Twitter Instagram Pinterest VKontakte
Behind The ScreenBehind The Screen
  • Tech News
  • Fintech
  • Startup
  • Games
  • Ar & Vr
  • Reviews
  • How To
  • More
    • Mobile Tech
    • Pc & Laptop
    • Security
Behind The ScreenBehind The Screen
Home»Tech News»Microsoft fixes two-year-old MSDT vulnerability in August update
Tech News

Microsoft fixes two-year-old MSDT vulnerability in August update

August 13, 2022No Comments3 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Microsoft fixes two-year-old MSDT vulnerability in August update
Share
Facebook Twitter LinkedIn Pinterest Email

Two-and-a-half years after a safety researcher publicly disclosed the existence of a distant code execution (RCE) zero-day vulnerability within the Microsoft Home windows Help Diagnostic Software (MSDT), dubbed DogWalk, Microsoft has lastly issued a repair for the issue after a brand new variant emerged, having beforehand not finished so on the idea that it didn’t meet the proper standards.

Tracked as CVE-2022-34713, profitable exploitation requires the sufferer to be satisfied to open a specifically crafted file, which will be delivered both by way of electronic mail or an attacker-controlled or compromised web site. As such, it’s rated merely vital versus important.

That is the second main MSDT vulnerability to have been fastened by Microsoft prior to now few months, following the disclosure of the harmful Follina zero-day on the finish of Might, which was patched in June.

“With reviews that CVE-2022-34713 has been exploited within the wild, it could seem that attackers wish to reap the benefits of flaws inside MSDT as a lot of these flaws are extraordinarily worthwhile to launch spear phishing assaults,” stated Tenable senior employees analysis engineer Satnam Narang.

“A wide range of menace actors leverage spear phishing, from superior persistent menace (APT) teams to ransomware associates,” he stated. “For attackers, bugs that may be executed by way of malicious paperwork stay a worthwhile software, so flaws like Follina and CVE-2022-34713 will proceed for use for months. Due to this fact, it is important that organisations apply the out there patches as quickly as doable.”

Qualys director of vulnerability and menace analysis Bharat Jogi added: “The DogWalk zero-day vulnerability just isn’t new to the trade. It was initially reported again in 2019, however not deemed a vulnerability because it was believed to require vital person interplay to take advantage of, and there have been varied different mitigations in place.

See also  'Wordle' today, August 21: Answer, hints, help for Wordle #428

“Nevertheless, as we see in the present day’s unhealthy actors rising extra subtle and inventive of their exploits, a latest zeroday that leveraged the ms:msdt protocol URI scheme (Follina) pressured MSFT to rethink DogWalk as a vulnerability,” he stated. “Follina has been not too long ago utilized by menace actors – for instance, Chinese language APT TA413 – in phishing campaigns which have focused native US and European authorities personnel, in addition to a significant Australian telecommunications supplier. Profitable exploitation of this vulnerability permits an attacker to deploy malware and achieve foothold on a system.”

The August replace fixes a larger-than-average complete of 121 vulnerabilities, 17 of them classed as important – possible partly because of disclosures and proof-of-concept exploits to be proven off at Black Hat USA and the upcoming DEF CON hacker occasion.

Of the important vulnerabilities, two of essentially the most extreme look like CVE-2022-30133 and CVE-2022-35744, each of that are RCE vulnerabilities affecting Home windows Level-to-Level Protocol, and each of which carry CVSS scores of 9.8, though neither has been made public or exploited. A full breakdown of this month’s important vulnerabilities is accessible from the Zero Day Initiative.

Additionally notably noteworthy is a publicly disclosed however not-yet-exploited data disclosure vulnerability affecting Trade Server, tracked as CVE-2022-30134. Greg Wiseman, lead product supervisor at Rapid7, defined its significance:

“On this case, merely patching just isn’t ample to guard in opposition to attackers having the ability to learn focused electronic mail messages,” he stated. “Directors ought to allow Prolonged Safety with the intention to absolutely remediate this vulnerability, in addition to the 5 different vulnerabilities affecting Trade this month. Particulars about easy methods to accomplish this can be found by way of the Trade Weblog.”

See also  LastPass breach limited in scale and well-managed, say experts

Source link

August fixes Microsoft MSDT twoyearold Update Vulnerability
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Here’s What’s Coming to Apple Arcade in August

July 12, 2025

iOS 26’s Ringtone Update Is the Customization Win We Needed

June 20, 2025

Apple’s Parental Controls Just Got an Update, but Is It Enough?

May 15, 2025

Update Your Apple Home Before iOS 19 Arrives

May 14, 2025
Add A Comment

Comments are closed.

Editors Picks

Monster Hunter Rise: Sunbreak trailer takes a look at Lucent Nargacuga and the Forlorn Arena

July 27, 2022

Nothing Phone (3a) vs Redmi Note 14 Pro 5G: Let’s compare them

May 7, 2025

Roche to acquire Good Therapeutics’ lead drug program for $250M, plus milestone payments – Startup

September 8, 2022

Microplastics Are Everywhere. Here’s What You Can Do About It

October 27, 2022

Subscribe to Updates

Get the latest news and Updates from Behind The Scene about Tech, Startup and more.

Top Post

Oppo Find N5 review: Stellar foldable has one big problem

The Naked Gun review: Charged with man’s laughter

Samsung Galaxy Tab S10 FE+ review: A Galaxy Tab S10+ for less?

Behind The Screen
Facebook Twitter Instagram Pinterest Vimeo YouTube
  • Contact
  • Privacy Policy
  • Terms & Conditions
© 2025 behindthescreen.fr - All rights reserved.

Type above and press Enter to search. Press Esc to cancel.