In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.Successful exploitation requires user interaction, an obstacle easy to surpass through social engineering, especially in email and web-based attacks, Microsoft says in an advisory today: The problem came back to public attention this year by security researcher j00sean, who summarized what an attacker could achieve by exploiting it and provided video proof: The issue was initially reported to Microsoft by researcher Imre Rad in January 2020 but his report was misclassified as not describing a security risk and dismissed as such. Officially tracked as CVE-2022-34713 and informally referred to as DogWalk, the security flaw in MSDT allows an attacker to place a malicious executable into the Windows Startup folder. One of them has spent more than two years as a zero-day bug in the Windows Support Diagnostic Tool (MSDT) and it has exploit code publicly available.īoth security issues have received a high-severity score and are directory traversal vulnerabilities that could help attackers plant malware on a target system. Cybersecurity and Infrastructure Security Agency (CISA) has added two more flaws to its catalog of Known Exploited Vulnerabilities, based on evidence of active exploitation.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |