New "DogWalk" Windows zero-day bug gets free unofficial patches

Discussion in 'other security issues & news' started by waking, Jun 8, 2022.

  1. waking

    waking Registered Member

    Joined:
    Jan 25, 2016
    Posts:
    176
    New "DogWalk" Windows zero-day bug gets free unofficial patches

    June 7, 2022

    "Free unofficial patches for a new Windows zero-day vulnerability in the Microsoft
    Support Diagnostic Tool (MSDT) have been released today through the 0patch platform.

    The security flaw (jokingly dubbed DogWalk) is a path traversal flaw attackers can
    exploit to copy an executable to the Windows Startup folder when the target opens a
    maliciously crafted .diagcab file (received via email or downloaded from the web)."


    https://www.bleepingcomputer.com/news/security/new-dogwalk-windows-zero-day-bug-gets-free-unofficial-patches/
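A .diagcab file is a standard Microsoft Cabinet (CAB) archive, so the path-traversal risk the article describes lives in the entry names stored in the archive's file directory. The scanner below walks that directory and flags names that would land outside the extraction folder; it is an added example, not code from the article or from the 0patch fix, the record layouts follow the published MS-CAB format, and the sample archive is constructed inline with no data blocks.

```python
import struct

# Fixed-size record layouts from the MS-CAB specification (little-endian).
CFHEADER = struct.Struct("<4sIIIIIBBHHHHH")   # 36 bytes
CFFOLDER = struct.Struct("<IHH")             # 8 bytes
CFFILE = struct.Struct("<IIHHHH")            # 16 bytes, then NUL-terminated name

def build_cab(names):
    """Constructed sample: a data-less CAB whose directory lists the given names."""
    files = b"".join(CFFILE.pack(0, 0, 0, 0, 0, 0x20) + n.encode() + b"\0" for n in names)
    coff_files = CFHEADER.size + CFFOLDER.size      # first CFFILE sits after one folder
    total = coff_files + len(files)
    hdr = CFHEADER.pack(b"MSCF", 0, total, 0, coff_files, 0, 3, 1, 1, len(names), 0, 0, 0)
    return hdr + CFFOLDER.pack(total, 0, 0) + files

def cab_entry_names(blob):
    """Return the entry names stored in the archive's CFFILE records."""
    if blob[:4] != b"MSCF":
        raise ValueError("not a cabinet file")
    fields = CFHEADER.unpack_from(blob, 0)
    coff_files, n_files = fields[4], fields[9]      # coffFiles already skips any reserve area
    names, pos = [], coff_files
    for _ in range(n_files):
        pos += CFFILE.size                          # skip the fixed part of the record
        end = blob.index(b"\0", pos)
        names.append(blob[pos:end].decode("utf-8", "replace"))
        pos = end + 1
    return names

def suspicious_entries(blob):
    """Names that escape the extraction directory: '..' components, rooted or drive paths."""
    bad = []
    for name in cab_entry_names(blob):
        parts = name.replace("\\", "/").split("/")
        rooted = name.startswith(("/", "\\")) or (len(name) > 1 and name[1] == ":")
        if ".." in parts or rooted:
            bad.append(name)
    return bad

if __name__ == "__main__":
    sample = build_cab(["Package.diagpkg", "..\\..\\evil.exe", "C:\\x.exe"])
    print(suspicious_entries(sample))
```

Real .diagcab files carry compressed data blocks after the directory, but the name check only needs the directory, so the same function works on them unchanged.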
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Why would anyone download a .diagcab file? But yeah, it's still pretty ridiculous that this can plant a malicious .exe file in the startup folder. So yeah, always monitor this stuff. Still, the user should be tricked into downloading this stuff, then you might as well directly deliver malware.exe to this person.
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    So then Windows 8.1 is immune? Or else so different that patches from this outfit can't be in this loop for the temp fix?

     
  5. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    There are ways to create executable files to make normally detected malware drop at Boot and then infect the system. About 6 years ago one such was coded and was the basis of my Boot Time protection series. Although the malware itself was never placed in the Wild, the mechanism was shared with interested developers and soon some that failed (like Kaspersky) added sufficient protection to negate such threats.

    Obviously this wouldn't cover true zero day undetectable malware, but with these a fancy delivery system isn't needed anyway.

     
  6. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    585
    I wonder if a person could mitigate that by protecting the startup folder with a program like Secure Folders, or would that be too easy to circumvent?
     
    Last edited: Jun 13, 2022
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I'm not sure if I understood you. I suppose AVs can detect malware at startup too, right? But my point was that if you can trick people into downloading a .diagcab file, then you might as well make them download malware.exe and immediately infect them.
     
  8. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Some can detect malware at boot and others can't. And the cab file isn't now needed as it can also now be a Word Doc. Such a file showed up a few days ago (as a Doc) that acted as Follina but the file that was downloaded through Word was a trojan that plopped itself into startup.

    Sadly the server contacted is now down (so the malware is no longer downloaded and loaded anymore) but in the 2 days it was active the infection bypassed WD, was stopped immediately by WVSX, and was contained without system issue by CF and SBIE.
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    WooHoo! thumbs up for WVSX and the always magnificent CF. And even Sandboxie of all things. No jumping out of those traps.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    OK I see, too bad that WD couldn't stop it, makes you think about how truthful all of those AV tests really are. But I'm also not hearing too many good things about WVSX and no surprise that CF and SBIE could contain it. But then they would have to be configured to monitor startup registry keys, I'm not sure if this is possible with SBIE. Perhaps I should give Comodo a try again.
     
  11. waking

    waking Registered Member

    Joined:
    Jan 25, 2016
    Posts:
    176
    Microsoft urges Windows users to run patch for DogWalk zero-day exploit

    https://www.computerworld.com/article/3669434/microsoft-urges-windows-users-to-run-patch-for-dogwalk-zero-day-exploit.html

    "Microsoft has confirmed that a high-severity, zero-day security vulnerability
    is actively being exploited by threat actors and is advising all Windows and
    Windows Server users to apply its latest monthly Patch Tuesday update as
    soon as possible."
     