December 11, 2023

Microsoft appears to have no roadmap to patch a two-year-old directory traversal vulnerability in all versions of Windows that researchers have labelled a zero-day.

The bug was originally reported to Microsoft in January 2020. Like the recently discovered “Follina” vulnerability, it involves attackers abusing Microsoft diagnostic tools to execute malicious code.

A flaw in how cabinet (*.cab) files are verified allows attackers to save the file archives to any location on Windows computers. By saving a diagcab file to the Startup folder in Windows, attackers can then run their code the next time a user logs in.

The bug was rediscovered earlier this month, when it was noted that it bypasses not only Microsoft Defender but also the browser-based file download warnings shown to users.

Named “Dogwalk”, the vulnerability also gets past Microsoft’s Mark of the Web (MOTW) security attributes for files that warn users before opening them.

Security vendor 0patch has released free micropatches for Dogwalk that add the missing security check, with no Windows reboot required.
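The general form of a containment check for archive extraction, as an added example (this is not 0patch's micropatch or Microsoft's code): every member name is resolved against the extraction directory using Windows path rules and rejected if it lands anywhere else. The function names, the extraction directory and the member names are constructed for illustration.

```python
import ntpath  # Windows path semantics, usable on any OS


def is_safe_member(dest_dir: str, member_name: str) -> bool:
    """Return True only if member_name, extracted under dest_dir, stays inside it."""
    # Windows accepts both separators, so normalise before inspecting the name.
    name = member_name.replace("/", "\\")
    # A colon means a drive-qualified path (C:\x, C:x) or an alternate data
    # stream; a leading backslash means a rooted or UNC path. Reject both.
    if ":" in name or name.startswith("\\"):
        return False
    base = ntpath.normcase(ntpath.normpath(dest_dir))
    # normpath collapses "..", so the result is where the file would really land.
    target = ntpath.normcase(ntpath.normpath(ntpath.join(base, name)))
    # Compare against base plus a separator so a sibling directory such as
    # "extract2" does not pass as being inside "extract".
    return target.startswith(base.rstrip("\\") + "\\")


def partition_members(dest_dir: str, names: list[str]) -> tuple[list[str], list[str]]:
    """Split archive member names into (safe, rejected) lists."""
    safe, rejected = [], []
    for n in names:
        (safe if is_safe_member(dest_dir, n) else rejected).append(n)
    return safe, rejected


# Constructed sample data: hypothetical extraction directory and member names.
DEST = r"C:\Users\alice\AppData\Local\Temp\extract"
SAMPLE_MEMBERS = [
    r"tool\readme.txt",          # ordinary nested file
    r"sub\..\ok.txt",            # ".." that stays inside the directory
    r"..\..\Startup\run.exe",    # climbs out of the extraction directory
    "sub/../../escape.txt",      # same, written with forward slashes
    r"..\extract2\a.txt",        # sibling directory sharing a name prefix
    r"C:\Windows\x.dll",         # absolute, drive-qualified path
    r"\\server\share\x",         # UNC path
]

if __name__ == "__main__":
    ok, bad = partition_members(DEST, SAMPLE_MEMBERS)
    print("extract:", ok)
    print("reject: ", bad)
```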

At this stage, it is not known if the Dogwalk zero-day has been actively exploited by attackers.
