Recently, a Microsoft Support Diagnostic Tool (MSDT) zero-day vulnerability dubbed "Follina" surfaced after security researchers found it and media coverage spread the word. Microsoft apparently dismissed the vulnerability as a non-security issue at first (via @CrazymanArmy on Twitter), but the company later acknowledged the remote code execution (RCE) vulnerability and assigned it the tracking ID CVE-2022-30190. While Microsoft provided no official patch, only steps to disable MSDT, the 0patch team released a micropatch that you can download from the link in its official blog post.
Following Follina, another zero-day threat, first reported two years ago, has resurfaced. Like Follina, this one also appears to have been ignored by Microsoft, since the company has deemed it as not meeting "requirement immediate service".
This has to be a joke. That path traversal 0day is a "wonfix" again. 🤦♂️
— j00sean (@j00sean) June 7, 2022
I think someone at @msftsecresponse didn't get this is not a chromium-based bug. It's a MSDT one, buddies! Someone at Redmond should review my Twitter timeline :-) Isn't a MSRC guy there reading this? 🫤 pic.twitter.com/jC02nzgnuV
This vulnerability, which doesn't have a tracking ID or CVE yet, has been named "DogWalk". It has been found to be a path traversal vulnerability that lands a payload in the Windows Startup folder location:
C:\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
This means the malware is executed the next time the user logs into their system. The downloaded diagcab file carries a Mark of the Web (MOTW), but MSDT ignores the warning and runs it anyway, leaving users vulnerable to this potential exploit.
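As an added triage example (not code from 0patch, Microsoft, or the original article), the following PowerShell lists files recently created in the Startup folders and any downloaded .diagcab files that carry an Internet-zone MOTW. The 7-day look-back window and the Downloads folder as the search location are assumptions, and the Startup paths are resolved through the Windows API rather than hard-coded.

```powershell
# Added example: look for the artifacts the article describes
# (a new file in a Startup folder, a downloaded .diagcab with MOTW).
# Assumptions: 7-day window; .diagcab files land in the user's Downloads folder.
param(
    [int]$Days = 7,
    [string]$DownloadDir = (Join-Path $env:USERPROFILE 'Downloads')
)

function Get-ZoneId {
    param([string]$Path)
    # MOTW lives in the Zone.Identifier alternate data stream (NTFS only).
    $hit = Get-Content -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue |
        Select-String -Pattern '^ZoneId=(\d+)' |
        Select-Object -First 1
    if ($hit) { [int]$hit.Matches[0].Groups[1].Value } else { $null }
}

$cutoff = (Get-Date).AddDays(-$Days)

# Per-user and all-users Startup folders, resolved by the OS.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$startupHits = foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -ne 'desktop.ini' -and $_.CreationTime -ge $cutoff } |
        Select-Object FullName, CreationTime,
            @{ Name = 'ZoneId'; Expression = { Get-ZoneId $_.FullName } }
}

# ZoneId 3 = Internet, 4 = Restricted sites: the file was downloaded.
$diagcabHits = Get-ChildItem -LiteralPath $DownloadDir -Filter '*.diagcab' -File -Recurse -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime,
        @{ Name = 'ZoneId'; Expression = { Get-ZoneId $_.FullName } } |
    Where-Object { $_.ZoneId -ge 3 }

'Startup entries created in the last {0} days:' -f $Days
$startupHits | Format-Table -AutoSize
'Downloaded .diagcab files carrying MOTW:'
$diagcabHits | Format-Table -AutoSize
```

A Startup entry that nobody installed deliberately, especially one created close in time to a .diagcab download, is worth investigating before the next logon.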
The micropatch by 0patch is simple, just 11 instructions long, and basically blocks this MSDT file from running. Like the Follina micropatch, it is available for the following Windows versions:
Windows 11 21H2
Windows 10 21H2
Windows 10 21H1
Windows 10 20H2
Windows 10 2004
Windows 10 1909
Windows 10 1903
Windows 10 1809
Windows 10 1803
Windows 7
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Server 2019
Windows Server 2022
To download the micropatch, head over to the official 0patch blog post. You can also find more technical details in that article.