
0patch Launched Unofficial Patches For ‘DogWalk’ Windows Zero-Day Bug


Today, the 0patch platform released free unofficial patches for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT).
The security flaw, tracked as ‘DogWalk’, is a path traversal bug that can be exploited to copy an executable into the Windows Startup folder when the victim opens a maliciously crafted .diagcab file (received via email or downloaded from the web).

“The vulnerability lies in the Microsoft Diagnostic Tool’s sdiageng.dll library, which takes the attacker-supplied folder path from the package configuration XML file inside the diagcab archive, and copies all files from that folder to a local temporary folder...” 0patch said in a post.

“...During this process, it enumerates files in the attacker’s folder, gets the file name for each of them, then glues together the local temporary path and that file name to generate the local path on the computer where the file is to be created..”
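The flaw described in the two quotes above is the "glue" step: a temporary directory is concatenated with a file name taken from an attacker-controlled folder. The following is an added illustration, not code from 0patch or Microsoft, that contrasts that naive concatenation with a containment check a defender would expect; all paths and file names are constructed samples, and Windows path semantics are emulated with ntpath so it runs on any platform.

```python
import ntpath

# Constructed sample values; not from the original post. Windows-style
# paths are handled with ntpath so the check runs on any platform.
TEMP_ROOT = r"C:\Users\victim\AppData\Local\Temp\SDIAG_example"

# Enumerated "file names" as an attacker-controlled folder might present
# them (constructed; the second one carries traversal components).
SAMPLE_NAMES = ["report.txt", r"..\..\..\..\escaped.txt"]


def naive_glue(temp_dir: str, name: str) -> str:
    """The flawed pattern: concatenate temp dir and enumerated name as-is."""
    return ntpath.normpath(ntpath.join(temp_dir, name))


def safe_glue(temp_dir: str, name: str):
    """Hardened version: accept only a bare file name, then confirm the
    resolved destination still lies inside temp_dir. Returns None on reject."""
    base = ntpath.normpath(temp_dir)
    # A bare file name has no directory part, no drive, and is not dot-only.
    if not name or name in (".", "..") or ntpath.basename(name) != name:
        return None
    candidate = ntpath.normpath(ntpath.join(base, name))
    try:
        inside = ntpath.commonpath([base, candidate]) == base
    except ValueError:  # different drives, or mixed absolute/relative
        inside = False
    return candidate if inside else None


def is_inside(temp_dir: str, path: str) -> bool:
    """Report whether a destination produced by naive_glue stayed in temp_dir."""
    base = ntpath.normpath(temp_dir)
    try:
        return ntpath.commonpath([base, ntpath.normpath(path)]) == base
    except ValueError:
        return False


if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        dest = naive_glue(TEMP_ROOT, n)
        print(f"{n!r}: naive -> {dest} (inside temp: {is_inside(TEMP_ROOT, dest)}); "
              f"safe -> {safe_glue(TEMP_ROOT, n)}")
```

Running it shows the traversal name resolving outside the temporary folder under the naive join while the hardened join rejects it; the same containment check is what a reviewer would look for wherever enumerated names from an untrusted source are joined to a local directory.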

According to the technical details, this flaw was first publicly disclosed by security researcher Imre Rad in January 2020; however, Microsoft declined to issue a patch, stating that it was not a security issue.

Recently, the bug was rediscovered by security researcher j00sean. In response to the same issue, Microsoft stated that Outlook users are safe because .diagcab attachments are blocked automatically.

Until Microsoft releases official security patches for this zero-day bug, the 0patch micropatching service has already published free, downloadable unofficial patches for the most affected Windows versions, which are listed below:

1. Windows 11 v21H2
2. Windows 10 (v1803 to v21H2)
3. Windows 7
4. Windows Server 2008 R2
5. Windows Server 2012
6. Windows Server 2012 R2
7. Windows Server 2016
8. Windows Server 2019
9. Windows Server 2022

“During my testing, I concluded that neither Gmail nor Outlook Live blocked .diagcab files at all, so users of these services could be potential targets. I encountered the filtering mechanism of some MS Exchange-based corporate servers blocking my attachments, however, by linking to a WebDAV share, I could circumvent this protection so the diagcab file could be executed in Outlook….” wrote Rad. 

“…But not even links like this can be used ultimately, they are deactivated by providers like Gmail or Outlook Live and blocked by other security measures of Internet Explorer.”