Microsoft Patches 'DogWalk' Zero-Day in August Patch Tuesday
Monthly Dump Includes Patches for 141 Flaws, Including 17 'Critical' Fixes
Microsoft's newest bundle of patches includes a fix for a zero-day vulnerability known as DogWalk that allows hackers to gain remote code execution in Windows.
The operating system giant's newest Patch Tuesday dump includes patches for 141 flaws, of which 17 "critical" fixes stop the possibility of remote code execution or elevation of privileges.
This month's batch of patches is the second-largest release this year and is almost triple the size of last year's August release.
DogWalk, tracked as CVE-2022-34713, is a remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT). MSDT is a utility built into Windows that collects diagnostic information to send to Microsoft. It is the component behind the automated fix-it tools Microsoft calls "Troubleshooters," which are bundled into the operating system. Security researcher Imre Rad discovered the flaw in January 2020. Microsoft's belated June patch for Follina, another flaw in the MSDT utility, renewed pressure to issue a fix (see: Late Fix for Follina on Microsoft Patch Tuesday).
Exploiting DogWalk requires an attacker to send the victim a specially crafted file or a link to open or click on.
"There is an element of social engineering to this, as a threat actor would need to convince a user to click a link or open a document," writes Dustin Childs of Trend Micro's Zero Day Initiative.
Rad says Microsoft responded to his initial disclosure by arguing Outlook and Internet Explorer stopped users from downloading the malicious file necessary to exploit DogWalk. "The issue is that to make use of this attack, an attacker needs to create what amounts to a virus, convince a user to download the virus, and then run it," was Microsoft's response, Rad says.
One of the key vulnerabilities in this Patch Tuesday is tracked as CVE-2022-35804. It has a CVSS score of 8.8, is rated critical and lies in the Server Message Block protocol, affecting Windows 11 clients and servers.
"The server side of this bug would allow a remote, unauthenticated attacker to execute code with elevated privileges on affected SMB servers," says Childs. "This could potentially be wormable between affected Windows 11 systems with SMB server enabled."
A trio of CVEs also warrants an urgent patch by organizations running Exchange Server on-premises, since an authenticated attacker could use them to take over mailboxes.
"Rarely are elevation of privilege bugs rated Critical, but vulnerabilities tracked as CVE-2022-21980, CVE-2022-24516 and CVE-2022-24477 certainly qualify," Childs says.
A Windows Network File System remote code execution vulnerability appears in Patch Tuesday for the fourth month in a row. This bug is tracked as CVE-2022-34715 and has a CVSS score of 9.8.
To exploit it, a remote unauthenticated attacker would need to make a specially crafted call to an affected NFS server, which would give the attacker code execution with elevated privileges.
"Microsoft lists this as important severity, but if you're using NFS, I would treat it as Critical. Definitely test and deploy this fix quickly," Childs says.