
CISA: Windows, UnRAR vulnerabilities under active exploitation

BleepingComputer reports that the Cybersecurity and Infrastructure Security Agency has updated its Known Exploited Vulnerabilities Catalog to include a high-severity Windows Support Diagnostic Tool (MSDT) zero-day and an UnRAR utility vulnerability following active exploitation in the wild. Threat actors could exploit the Windows MSDT vulnerability, dubbed DogWalk and tracked as CVE-2022-34713, in both email- and web-based attacks aimed at deploying malware, Microsoft said. Microsoft addressed the flaw only with this month's patches, even though researcher Imre Rad initially reported it more than two years ago. Meanwhile, a path traversal vulnerability in the UnRAR utility for Linux and Unix, tracked as CVE-2022-30333, could be abused to install a malicious file on target systems. SonarSource reported the flaw in late June, and Metasploit has carried exploit code for it since earlier this month. With both vulnerabilities included in CISA's KEV Catalog, U.S. federal agencies are mandated to apply updates by Aug. 30.
