Cybersecurity Windows 10, 11 & Server Zero-Day Attacks Underway, Microsoft Says Davey Winder Senior Contributor Opinions expressed by Forbes Contributors are their own. Co-founder, Straight Talking Cyber New! Follow this author to stay notified about their latest stories. Got it! Aug 10, 2022, 02:11am EDT | New! Click on the conversation bubble to join the conversation Got it! Share to Facebook Share to Twitter Share to Linkedin All Windows users advised to update as Microsoft confirms zero-day attack SOPA Images/LightRocket via Getty Images With the arrival of the monthly ‘Patch Tuesday’ security updates for Windows users, Microsoft confirms that one zero-day security vulnerability is already under attack.
All Windows and Windows Server users are being advised to update as soon as possible after Microsoft confirms that CVE-2022-34713 , also known as DogWalk, is being actively exploited by attackers. What is the DogWalk vulnerability? The high-impact, remote code execution, vulnerability, exists in the Windows Support Diagnostic Tool (MSDT) and can lead to system compromise. It’s not the first time that MSDT has been targeted by cybercriminals nor, indeed, the first time we’ve encountered DogWalk.
As I first reported on June 8 , “It’s only a matter of time, I would imagine, before DogWalk exploits are being reported in the wild. ” That time has arrived. MORE FROM FORBES New Gmail Attack Bypasses Passwords And 2FA To Read All Email By Davey Winder Quite astonishingly, the vulnerability was first disclosed in January 2020.
At the time, it is reported , Microsoft didn’t consider it a security issue. The vulnerability can be exploited by an attacker using social engineering or phishing tactics to trick a user into opening a malicious document or file or visiting a compromised website to the same end. MORE FOR YOU iOS 15: Apple Issues 22 Important iPhone Security Updates Widely-Used Hikvision Security Cameras Vulnerable To Remote Hijacking iOS 15 Is Available Now With These Stunning New iPhone Privacy Features CISA issues mandatory update warning to U.
S. federal agencies Worryingly, the vulnerability impacts all users of all currently supported versions of Windows and Windows Server. The U.
S. Cybersecurity and Infrastructure Security Agency (CISA) has added DogWalk to the Known Exploited Vulnerabilities list and ordered federal agencies to patch it before the end of the month. I would advise all users to do the same, only more quickly, by applying that Patch Tuesday update as soon as is possible.
MORE FROM FORBES Gmail Hackers Target Google Accounts-Here’s How To Stop Them By Davey Winder While DogWalk is the only zero-day being patched, the update covers a total of 121 vulnerabilities, including 17 that are given a critical rating. Dustin Childs, from Trend Micro’s Zero Day Initiative, says “the volume of fixes released this month is markedly higher than what is normally expected in an August release. It’s almost triple the size of last year’s August release, and it’s the second largest release this year.
” You can see the full list of Windows security updates for August in the update guide published by the Microsoft Security Response Center. Follow me on Twitter or LinkedIn . Check out my website or some of my other work here .
Davey Winder Editorial Standards Print Reprints & Permissions.
From: forbes
URL: https://www.forbes.com/sites/daveywinder/2022/08/10/windows-10-11–server-zero-day-attacks-underway-microsoft-says/