Microsoft has confirmed that a high-severity, zero-day security vulnerability is actively being exploited by threat actors and is advising all Windows and Windows Server users to use its latest monthly Patch Tuesday update as soon as possible.
Microsoft | Your Resume is not getting shortlisted. We can Help you for this. We create ATS based resume for you to Get shortlisted at any MNC
The vulnerability, referred to as CVE-2022-34713 or DogWalk, allows attackers to take advantage of a weakness within the Windows Microsoft Support Diagnostic Tool (MSDT). By using social engineering or phishing, attackers can trick users into visiting a fake website or opening a malicious document or file and ultimately gain remote code execution on compromised systems.
DogWalk affects all Windows versions under support, including the newest client and server releases, Windows 11 and Windows Server 2022.
Click Here Get Job Updated on telegram : Click Here
The vulnerability was first reported in January 2020 but at the time, Company said it didn’t consider the exploit to be a security issue. this can be the second time in recent months that Microsoft has been forced to alter its position on a known exploit, having initially rejected reports that another Windows MSDT zero-day, called Follina, posed a security threat. A patch for that exploit was released in June’s Patch Tuesday update.
Charl van der Walt, head of security research at Orange Cyber defense, said that although Microsoft could perhaps be criticized for failing to think about how frequently and simply files with apparently innocent extensions are accustomed deliver malicious payloads, also noted that with several thousand vulnerabilities reported annually, it’s to be expected that Microsoft’s risk-based triage approach to assessing vulnerabilities won’t be infallible.
“If everything is urgent, then nothing is urgent,” he said. “The security community has long stopped believing vulnerabilities and threats are going to be eradicated any time soon, therefore the challenge now becomes the event of a sort of agility which will perceive changes within the threat landscape and adapt accordingly.”