Despite previously claiming the DogWalk vulnerability did not constitute a security issue, Microsoft has now released a patch to stop attackers from actively exploiting the vulnerability. Credit: Magdalena Petrova Microsoft has confirmed that a high-severity, zero-day security vulnerability is actively being exploited by threat actors and is advising all Windows and Windows Server users to apply its latest monthly Patch Tuesday update as soon as possible. The vulnerability, known as CVE-2022-34713 or DogWalk, allows attackers to exploit a weakness in the Windows Microsoft Support Diagnostic Tool (MSDT). By using social engineering or phishing, attackers can trick users into visiting a fake website or opening a malicious document or file and ultimately gain remote code execution on compromised systems. DogWalk affects all Windows versions under support, including the latest client and server releases, Windows 11 and Windows Server 2022. The vulnerability was first reported in January 2020 but at the time, Microsoft said it didn’t consider the exploit to be a security issue. This is the second time in recent months that Microsoft has been forced to change its position on a known exploit, having initially rejected reports that another Windows MSDT zero-day, known as Follina, posed a security threat. A patch for that exploit was released in June’s Patch Tuesday update. Charl van der Walt, head of security research at Orange Cyberdefense, said that although Microsoft could perhaps be criticised for failing to consider how frequently and easily files with apparently innocent extensions are used to deliver malicious payloads, also noted that with several thousand vulnerabilities reported each year, it’s to be expected that Microsoft’s risk-based triage approach to assessing vulnerabilities won’t be infallible. “If everything is urgent, then nothing is urgent,” he said. “The security community has long stopped believing vulnerabilities and threats will be eradicated any time soon, so the challenge now becomes the development of a kind of agility that can perceive changes in the threat landscape and adapt accordingly.” Related content feature What Capgemini software chief learned about AI-generated code: highly usable, 'too many unknowns' for production While most of Capgemini's clients are reticent to use AI-generated code in production, the technology has led to big efficiency and productivity increases that developers and engineers might not yet realize, says Jiani Zhang, the company's By Lucas Mearian Apr 30, 2024 21 mins Developer Engineer Generative AI news analysis The EU has decided to open up iPadOS 'Our market investigation showed that despite not meeting the thresholds, iPadOS constitutes an important gateway on which many companies rely to reach their customers,' said the EU’s lead anti-competition regulator, Margrethe Vestige By Jonny Evans Apr 29, 2024 4 mins Apple Apple App Store iPad how-to A new Windows 11 backup and recovery paradigm? If used properly, new features built into Windows 11 offer safe, nearly complete backup, restore, repair, and recovery operations without third-party tools — but there are some caveats worth knowing. By Ed Tittel Apr 29, 2024 17 mins Windows 11 Backup and Recovery Windows feature Q&A: Georgia Tech dean details why the school needed a new AI supercomputer Georgia Tech partnered with Nvidia to roll out its first supercomputer so students can experiment with AI and machine learning to better prepare for a job market where those skills are now critical to success. By Lucas Mearian Apr 29, 2024 12 mins CPUs and Processors Education Industry Generative AI Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe