Windows Security Alert As 2 Zero-Day Threats Confirmed, 1 With Attacks Underway
With Patch Tuesday still many days away, there’s bad news for Windows users who need to be alert to two new zero-day exploits that have yet to be patched by Microsoft.
Follina and Dogwalk exploit Microsoft support tool
The problems are two-fold, but both involve vulnerabilities in the Microsoft Windows Support Diagnostic Tool (MSDT). The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has urged users and administrators to apply the workaround for one of these, CVE-2022-30190, as issued by Microsoft.
Essentially, the workaround removes the ms-msdt: URL protocol handler so that troubleshooters can no longer be launched from links anywhere in the Windows operating system. This advice is hardly surprising, seeing as reports describe exploits that use Microsoft Office documents to obtain remote code execution on most supported versions of Windows and Windows Server.
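The workaround in practice, as an added example that is not from the article or from Microsoft's advisory text: Microsoft's published mitigation is to back up the ms-msdt registry key with `reg export`, delete it with `reg delete`, and restore it later with `reg import`. The wrapping functions, the backup file location and the status check below are assumptions added for illustration; the three `reg` commands are the ones Microsoft documented.

```powershell
# Run from an elevated (Administrator) PowerShell prompt.
# Backup path is an assumption for this example; choose any writable location.
$BackupFile = Join-Path $env:USERPROFILE 'ms-msdt-backup.reg'

function Get-MsdtProtocolStatus {
    # Returns 'registered' while the ms-msdt: handler exists, 'removed' once the
    # workaround has been applied. The key lives under HKEY_CLASSES_ROOT.
    if (Test-Path 'Registry::HKEY_CLASSES_ROOT\ms-msdt') { 'registered' } else { 'removed' }
}

function Disable-MsdtProtocol {
    # Step 1: export the key so the change can be reverted after a patch ships.
    reg export HKEY_CLASSES_ROOT\ms-msdt $BackupFile /y | Out-Null
    if (-not (Test-Path $BackupFile)) {
        throw "Backup of HKEY_CLASSES_ROOT\ms-msdt failed; not deleting the key."
    }
    # Step 2: delete the handler (this is Microsoft's documented workaround).
    reg delete HKEY_CLASSES_ROOT\ms-msdt /f | Out-Null
    Get-MsdtProtocolStatus
}

function Restore-MsdtProtocol {
    # Re-import the saved key once an official fix is installed.
    if (-not (Test-Path $BackupFile)) { throw "No backup found at $BackupFile" }
    reg import $BackupFile | Out-Null
    Get-MsdtProtocolStatus
}

"Before: $(Get-MsdtProtocolStatus)"
"After:  $(Disable-MsdtProtocol)"   # expected: removed
# To undo later: Restore-MsdtProtocol
```

Deleting the handler only blocks the ms-msdt: launch path; it does not change MSDT itself, so the status check is the quickest way to confirm a fleet of machines actually has the workaround applied.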
No official Microsoft CVE-2022-30190 patch yet
Bleeping Computer reports that local governments “in at least two U.S. states” have been targeted by a “state-aligned” threat actor. The good news is that there’s an unofficial ‘micro-patch’ available, free of charge, through the third-party 0patch service. The CVE-2022-30190 (also known as Follina) micro-patch is available here for 15 different Windows and Windows Server flavors.
Dogwalk is off the leash
This might leave you wondering about the second zero-day. While it is another zero-day vulnerability involving the Microsoft Support Diagnostic Tool, a security researcher has tweeted that it is not the same as Follina: it is a path traversal rather than a PowerShell code injection exploit. It is, however, described as a two-click remote code execution attack, so it is not to be taken lightly. There is no CVE for this one yet, but it has been called Dogwalk for now.
I have reached out to Microsoft for further information regarding patches for both of these and will update this article once I know more.
In the meantime, 0patch once again has a temporary micro-patch solution available here. It’s only a matter of time, I would imagine, before Dogwalk exploits are being reported in the wild.