Patch Wednesday fixes two-year-old Dogwalk vulnerability

Patch Wednesday fixes two-year-old Dogwalk vulnerability

Path traversal bug in diagnostics tool could be used for remote code execution.

By on

Microsoft has fixed a remote code execution vulnerability in its MSDT diagnostics tool for Windows, first reported to the company two years ago and rediscovered in May this year.

The fix is part of this month's Patch Wednesday and was named Dogwalk by security researchers.

Although researcher Imre Rad reported the bug to Microsoft in January 2020, and despite the vulnerability raising its head again this year, the software giant initially declined to fix the issue.

Now, however, Microsoft has had a change of heart, according to the company's security researcher Johnathan Norman.

After the Dogwalk vulnerability resurfaced in May this year, and exploitation attempts were recorded by Microsoft, the company issued workaround guidance for users.

August Patch Wednesday handles a record 141 vulnerabilities in different Microsoft products.

Among these is an information leak bug that affects the Exchange Server, given the Common Vulnerabilities and Exposures index of CVE-2022-30134.

Attackers exploiting the bug can read emails, Microsoft warned.

Simply patching isn't enough to handle the above vulnerability above, and others affecting Exchange Server.

Microsoft said administrators need to enable the Windows Extended Protection feature on Exchange Servers to fully handle the vulnerabilities.

To reach the editorial team on your feedback, story ideas and pitches, contact them here.
Copyright © . All rights reserved.

Most Read Articles