"DogWalk", another Microsoft-ignored MSDT vulnerability like Follina gets unofficial patch

Recently, a Microsoft Support Diagnostic Tool (MSDT) zero-day vulnerability dubbed "Follina" came to the surface when security researchers found it and the word got around thanks to the media. Microsoft apparently ignored the vulnerability as a non-security issue initially (via @CrazymanArmy on Twitter), though later, the company acknowledged the remote code execution (RCE) vulnerability and assigned the tracking ID CVE-2022-30190 to it. While there was no official patch provided by Microsoft except for steps to disable the MSDT, a micropatch was released by the 0patch team that you can download from the link on its official blog post here.

Following Follina, another zero-day threat, which was first reported two years ago, has come to the surface. Like Follina, this one too has apparently been ignored by Microsoft, since the company has deemed it as not meeting "requirement immediate service".

This has to be a joke. That path traversal 0day is a "wonfix" again. 🤦‍♂️

I think someone at @msftsecresponse didn't get this is not a chromium-based bug. It's a MSDT one, buddies! Someone at Redmond should review my Twitter timeline :-) Isn't a MSRC guy there reading this? 🫤 pic.twitter.com/jC02nzgnuV

— j00sean (@j00sean) June 7, 2022

This vulnerability, which doesn't have a tracking ID or CVE yet, has been named "DogWalk". It has been found to be a path traversal vulnerability that lands a payload in the Windows Startup folder location:

 C:\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

This means the malware is executed the next time the user logs into their system. The downloaded diagcab file has a Mark of the Web (MOTW), but MSDT ignores the warning and runs it anyway, making users vulnerable to this potential exploit.
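As an added example (not from the original article or from 0patch), this Python sketch shows the kind of check that stops the path traversal described above: resolve each file name supplied by a package against the extraction directory and flag names that end up outside it, in particular in a Startup folder. The directory, user and file names are constructed sample values, and the function names are hypothetical.

```python
import ntpath  # Windows path semantics on any OS, so the sample runs offline

# Tail shared by Startup folders; the profile prefix in front of it varies.
STARTUP_TAIL = r"\microsoft\windows\start menu\programs\startup"


def resolve(base_dir, member_name):
    """Join a package-supplied name to the extraction dir and collapse '..'."""
    return ntpath.normpath(ntpath.join(base_dir, member_name))


def classify(base_dir, member_name):
    """Return 'startup', 'escapes' or 'ok' for one package-supplied name."""
    base = ntpath.normcase(ntpath.normpath(base_dir)).rstrip("\\") + "\\"
    target = ntpath.normcase(resolve(base_dir, member_name))
    if ntpath.dirname(target).endswith(STARTUP_TAIL):
        return "startup"   # would run at the user's next logon
    if not target.startswith(base):
        return "escapes"   # written outside the extraction directory
    return "ok"


# Constructed sample values (hypothetical user, directory and file names).
BASE = r"C:\Users\alice\AppData\Local\Temp\extract_constructed"
SAMPLES = [
    r"scripts\helper.ps1",
    r"scripts\..\readme.txt",            # '..' present but stays inside
    r"..\..\..\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sample.exe",
    r"../../../ROAMING/Microsoft/Windows/Start Menu/Programs/StartUp/sample.exe",
    r"C:\Windows\Temp\sample.dll",       # absolute name replaces the base
]


def triage(base_dir=BASE, names=SAMPLES):
    """Classify every sample name against the extraction directory."""
    return [(name, classify(base_dir, name)) for name in names]


if __name__ == "__main__":
    for name, verdict in triage():
        print(f"{verdict:8} {name}")
```

The second sample shows why the check compares resolved paths rather than searching for `..` in the name: a name can contain a parent-directory segment and still stay inside the extraction directory.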

The micropatch by 0patch is simple, just 11 instructions long, and basically blocks this MSDT file from running. Like the Follina micropatch, it is available for the following Windows versions:

  • Windows 11 21H2

  • Windows 10 21H2

  • Windows 10 21H1

  • Windows 10 20H2

  • Windows 10 2004

  • Windows 10 1909

  • Windows 10 1903

  • Windows 10 1809

  • Windows 10 1803

  • Windows 7

  • Windows Server 2008 R2

  • Windows Server 2012

  • Windows Server 2012 R2

  • Windows Server 2016

  • Windows Server 2019

  • Windows Server 2022

To download the micropatch, head over to 0patch's official blog post linked here. You can also find more technical details in the article.
