Microsoft confirmed Tuesday that the so-called “DogWalk” zero-day vulnerability has already been exploited and is urging all Windows users to apply the patch as soon as possible.
The remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT), CVE-2022-34713, is among the more than 100 flaws addressed as part of Patch Tuesday for August.
The DogWalk vulnerability was first reported in January 2020, but wasn’t considered to be a security issue, according to numerous outlets. However, the bug was revisited recently after the Follina vulnerability posed a threat and Microsoft released a patch for that zero-day in June.
In an email attack scenario, a user would have to open a specially crafted file for the vulnerability to be exploited, while in a web-based attack scenario, the file designed to exploit the vulnerability would have to be hosted on a site, Microsoft wrote in the FAQ for CVE-2022-34713.