Vulnerability Management, Vulnerability Management, Distributed Workforce

‘DogWalk’ zero-day patched in latest Windows security update

Microsoft logo
Among the 100-plus fixes Microsoft released on Patch Tuesday this week was an update for the so-called "DogWalk" zero-day vulnerability. (Photo by David Ramos/Getty Images)

Microsoft confirmed Tuesday that the so-called “DogWalk” zero-day vulnerability has already been exploited and is urging all Windows users to apply the patch as soon as possible.

The remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT), CVE-2022-34713, is among the more than 100 flaws that were updated as part  of Patch Tuesday for August. 

The DogWalk vulnerability was first reported in January 2020, but wasn’t considered to be a security issue, according to numerous outlets. However, the bug was revisited recently after the Follina vulnerability posed a threat and Microsoft released a patch for the zero-day in June. 

To exploit the vulnerability, a user would have to open a specially crafted file in an email attack scenario, while the file designed to exploit the vulnerability would have to be hosted on a site in a  web-based attack scenario, Microsoft wrote on the FAQ for CVE-2022-34713.

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.