With Patch Tuesday still many days away, there’s bad news for Windows users who need to be alert to two new zero-day exploits that have yet to be patched by Microsoft.

Follina and Dogwalk exploit Microsoft support tool

The problems are two-fold, but both involve vulnerabilities in the Microsoft Windows Support Diagnostic Tool (MSDT). The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has urged users and administrators to apply the workaround for one of these, CVE-2022-30190, as issued by Microsoft.

Essentially, the workaround is to disable the MSDT URL protocol, which prevents ‘trouble-shooters’ being launched as links throughout the Windows operating system. This advice is hardly surprising, seeing as reports suggest that exploits are using Microsoft Office to get remote code execution on most versions of Windows and Windows Server.
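One way to apply the CVE-2022-30190 workaround described above, as an added example that is not part of the original article or Microsoft's own script: it checks whether the `ms-msdt` URL protocol handler is registered, exports it to a backup file, and then removes it. The backup directory and function names are assumptions chosen for illustration; run it from an elevated PowerShell session.

```powershell
# Added example: audit, back up, and disable the ms-msdt URL protocol handler.
# Assumption: C:\Backup is a hypothetical backup location; substitute your own.
$RegKey     = 'HKEY_CLASSES_ROOT\ms-msdt'
$KeyPath    = "Registry::$RegKey"
$BackupDir  = 'C:\Backup'
$BackupFile = Join-Path $BackupDir ("ms-msdt-{0}.reg" -f $env:COMPUTERNAME)

function Test-MsdtProtocolEnabled {
    # True while the URL protocol handler is still registered.
    Test-Path -LiteralPath $KeyPath
}

function Disable-MsdtProtocol {
    if (-not (Test-MsdtProtocolEnabled)) {
        Write-Output 'ms-msdt handler is not registered; nothing to do.'
        return
    }
    if (-not (Test-Path -LiteralPath $BackupDir)) {
        New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    }

    # Export first, so the handler can be restored once an official patch is installed.
    & reg.exe export $RegKey $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $BackupFile)) {
        throw 'Backup failed; registry key left untouched.'
    }

    # Remove the handler so ms-msdt: links no longer launch troubleshooters.
    & reg.exe delete $RegKey /f | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw 'Delete failed; is this session elevated?'
    }

    # Verify the result instead of trusting the exit code alone.
    if (Test-MsdtProtocolEnabled) {
        throw 'ms-msdt handler is still present after delete.'
    }
    Write-Output "ms-msdt handler removed. Backup saved to $BackupFile"
}

Disable-MsdtProtocol
```

To undo the workaround later, import the saved file with `reg.exe import` followed by the backup path.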


No official Microsoft CVE-2022-30190 patch yet

Bleeping Computer reports that local governments “in at least two U.S. states” have been targeted by a “state-aligned” threat actor. The good news is that there’s an unofficial ‘micro-patch’ available, free of charge, through the third-party 0patch product. The CVE-2022-30190 (also known as Follina) micro-patch is available here for 15 different Windows and Windows Server flavors.

Dogwalk is off the leash

This might leave you wondering about the second zero-day. Although it is another zero-day vulnerability involving the Microsoft Support Diagnostics Tool, a security researcher has tweeted that it’s not the same as Follina, in that it’s a path traversal rather than a PowerShell code injection exploit. It is, however, described as being a two-click remote code execution attack, so it is not to be taken lightly. There is no CVE for this one yet, but it has been called Dogwalk for now.

I have reached out to Microsoft for further information regarding patches for both of these and will update this article once I know more.

In the meantime, 0patch once again has a temporary micro-patch solution available here. It’s only a matter of time, I would imagine, before Dogwalk exploits are being reported in the wild.
