Windows MSDT 0-day vulnerability "DogWalk" receives 0patch fix

In addition to the Follina vulnerability (CVE-2022-30190) in the Windows ms-msdt protocol, there is another vulnerability, named DogWalk, in connection with the Microsoft Diagnostic Tool (MSDT). This vulnerability was reported to Microsoft two years ago, but is unlikely to be patched. The ACROS Security team has taken the Follina story as an opportunity to provide a micro-patch for DogWalk as well. I have prepared the information below.



The other day I came across the following tweet from Mitja Kolsek, which refers to the DogWalk vulnerability and the micro-patch published by ACROS Security.

Microsoft Diagnostic Tool "DogWalk" Package Path Traversal Gets Free Micropatches

Vulnerability discovered in 2020

In January 2020 security researcher Imre Rad published an article titled "The trouble with Microsoft's Troubleshooters". In the article, he described a method to save a malicious executable file in the user's autostart folder and execute it the next time the user logs on. To do this, the user must open a "diagcab" file, a Cabinet (CAB) file format archive that contains a diagnostic configuration file.

DogWalk vulnerability in Windows

The security researcher reported the whole thing to Microsoft, but received feedback that Redmond does not see a security problem. The tweet above shows an excerpt from the reply. Thus, the issue was out of Microsoft's focus – and there was no patch. Microsoft Defender does not know about this attack option either.
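One way to hunt for the behaviour described above, as an added example (not code from Imre Rad's article, ACROS Security or this blog): correlate an msdt.exe launch that references a .diagcab file with an executable appearing in a Startup folder shortly afterwards for the same user. The event records are constructed, and their field names, the five-minute window and the extension list are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed, simplified events (not real telemetry); field names are assumptions.
EVENTS = [
    {"time": "2022-06-08T09:14:02", "type": "process", "user": "alice",
     "image": r"C:\Windows\System32\msdt.exe",
     "cmdline": r'msdt.exe /cab "C:\Users\alice\Downloads\fix.diagcab"'},
    {"time": "2022-06-08T09:14:09", "type": "file", "user": "alice",
     "path": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\helper.exe"},
    # Executable dropped into Startup with no preceding diagcab open: outside this rule.
    {"time": "2022-06-08T11:30:00", "type": "file", "user": "bob",
     "path": r"C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sync.exe"},
    # Diagcab opened, nothing written to Startup: no hit.
    {"time": "2022-06-08T12:00:00", "type": "process", "user": "carol",
     "image": r"C:\Windows\System32\msdt.exe",
     "cmdline": r'msdt.exe /cab "C:\Users\carol\Desktop\printer.diagcab"'},
]

# A .diagcab package named on the msdt.exe command line.
DIAGCAB = re.compile(r"\.diagcab\b", re.I)
# An executable or script written directly into a per-user or all-users Startup folder.
STARTUP_EXE = re.compile(
    r"\\Start Menu\\Programs\\Startup\\[^\\]+\.(exe|com|scr|bat|cmd|vbs|js|ps1)$", re.I)

def correlate(events, window=timedelta(minutes=5)):
    """Return (diagcab_open, startup_write) pairs for the same user within `window`."""
    opens = {}  # user -> [(time, event)] of msdt.exe launches that reference a .diagcab
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.fromisoformat(ev["time"])
        if (ev["type"] == "process"
                and ev["image"].lower().endswith(r"\msdt.exe")
                and DIAGCAB.search(ev["cmdline"])):
            opens.setdefault(ev["user"], []).append((t, ev))
        elif ev["type"] == "file" and STARTUP_EXE.search(ev["path"]):
            for t0, opened in opens.get(ev["user"], []):
                if timedelta(0) <= t - t0 <= window:
                    hits.append((opened, ev))
    return hits

if __name__ == "__main__":
    for opened, written in correlate(EVENTS):
        print(f"{written['user']}: {written['path']}")
        print(f"  written after: {opened['cmdline']}")
```

An executable in a Startup folder that has no matching diagcab open (bob's event in the sample) is still worth reviewing on its own; this rule only ties the two steps of the described attack together.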



(Source: ACROS Security/YouTube)

ACROS Security demonstrates this attack possibility in the video above. Mitja Kolsek has described the attack in detail in his blog post Microsoft Diagnostic Tool "DogWalk" Package Path Traversal Gets Free Micropatches (0day/WontFix). So far, however, no attack has been reported via the vulnerability.

Micro-patch from 0patch

Since Microsoft did not publish a patch for this vulnerability, the founder of ACROS Security, Mitja Kolsek, has unceremoniously published a micro-patch and makes it available via the 0patch agent for the following Windows versions.

  1. Windows 11 v21H2
  2. Windows 10 v21H2
  3. Windows 10 v21H1
  4. Windows 10 v20H2
  5. Windows 10 v2004
  6. Windows 10 v1909
  7. Windows 10 v1903
  8. Windows 10 v1809
  9. Windows 10 v1803
  10. Windows 7
  11. Windows Server 2008 R2
  12. Windows Server 2012
  13. Windows Server 2012 R2
  14. Windows Server 2016
  15. Windows Server 2019
  16. Windows Server 2022

The micro-patch is free as long as no fix is available from Microsoft. Only the free version of the 0patch agent is needed. Notes on how the 0patch agent works, which loads the micropatches into memory at runtime of an application, can be found in the blog posts (such as here).


