08.10.22 Customer Advisory | Microsoft’s Support Diagnostic Tool Vulnerability, AKA DogWalk, Actively Exploited

By Eric Ford

What You Need to Know

- Microsoft released a security update for a Windows Support Diagnostic Tool vulnerability (CVE-2022-34713) after initial pushback on not fixing the vulnerability a security researcher reported to them in late 2019.
- According to the advisory, threat actors are actively exploiting this vulnerability.
- The vulnerability could allow a threat actor to store a file in any location on the file system according to the current user’s permissions. By placing the malicious file into the Windows Startup folder, the threat actor could execute code, which the operating system would run the next time the victim logged in.
- Recommendations include updating Windows to the latest version and restricting the ability of end-users from opening.
- Deepwatch Squads are identifying customers that this vulnerability may impact and evaluating the detection strategy for this exploitation.

On August 9, Microsoft released a patch for a vulnerability, tracked as CVE-2022-34713, that a security researcher initially reported to the company in December 2019. Six months later, on June 1, 2020, Microsoft closed the case stating, “we will not be fixing this vulnerability in the current version and we are closing this case.” Two years later, Microsoft reassessed the case due to their updated “Windows bug bar” and determined that the vulnerability met the security update criteria.
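
The Startup-folder persistence described in this advisory can be watched for in file-creation telemetry. The following is an added example, not code from the advisory or Deepwatch's own detection content: it assumes Sysmon Event ID 11 (FileCreate) records already parsed into dicts with `EventID`, `Image`, `TargetFilename` and `UtcTime` keys, and the sample events are constructed.

```python
import ntpath
import re

# Per-user and all-users Startup folders; matches files placed directly inside them.
STARTUP_RE = re.compile(
    r"\\(?:users\\[^\\]+\\appdata\\roaming|programdata)"
    r"\\microsoft\\windows\\start menu\\programs\\startup\\[^\\]+$"
)

def normalize(path):
    """Lower-case, unify separators and collapse '..' so log-source quirks don't hide a match."""
    return ntpath.normpath(path.replace("/", "\\")).lower()

def triage(event):
    """Return a finding for a Sysmon Event ID 11 (FileCreate) record, or None."""
    if event.get("EventID") != 11:
        return None
    target = normalize(event.get("TargetFilename", ""))
    if not STARTUP_RE.search(target):
        return None
    writer = ntpath.basename(normalize(event.get("Image", "")))
    # msdt.exe is the Support Diagnostic Tool; it has no routine reason to write here.
    severity = "high" if writer == "msdt.exe" else "review"
    return {"severity": severity, "writer": writer,
            "target": target, "time": event.get("UtcTime")}

def scan(events):
    """Triage every event and keep only the findings, in input order."""
    return [f for f in map(triage, events) if f is not None]

# Constructed sample events (hypothetical user and file names).
STARTUP = r"\Microsoft\Windows\Start Menu\Programs\Startup"
SAMPLE_EVENTS = [
    {"EventID": 11, "UtcTime": "2022-08-10 09:14:02.113",
     "Image": r"C:\Windows\System32\msdt.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming" + STARTUP + r"\update.exe"},
    {"EventID": 11, "UtcTime": "2022-08-10 09:20:41.508",
     "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming" + STARTUP + r"\notes.lnk"},
    {"EventID": 11, "UtcTime": "2022-08-10 09:31:10.002",
     "Image": "C:/Windows/System32/MSDT.EXE",
     "TargetFilename": "C:/ProgramData/Microsoft/Windows/Start Menu/Programs/StartUp/helper.exe"},
    {"EventID": 11, "UtcTime": "2022-08-10 09:33:55.740",
     "Image": r"C:\Windows\System32\msdt.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\diag\results.xml"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Field names vary between log shippers, so map them to these keys before calling `scan`.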