Microsoft DogWalk zero-day detailed

The Hacker News reports that the Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool dubbed "DogWalk" has been given an unofficial patch amid the continued exploitation of the Follina flaw. Threat actors could exploit DogWalk, which impacts all Windows versions from Windows 8 and Server 2008 onward, to conceal a malicious executable within the Windows Startup folder upon opening a ".diagcab" archive file, which facilitates payload execution upon the first login after a restart. Lacking security checking capabilities within MSDT enables the opening of the .diagcab file without a security warning, according to Mitja Kolsek of 0patch. "Outlook is not the only delivery vehicle: such file is cheerfully downloaded by all major browsers including Microsoft Edge by simply visiting(!) a website, and it only takes a single click (or mis-click) in the browser's downloads list to have it opened. No warning is shown in the process, in contrast to downloading and opening any other known file capable of executing [the] attacker's code," said Kolsek. Even though the DogWalk issue had been initially disclosed in January 2020, Microsoft has noted that it was not a security concern.