DogWalk Zero Day Exploit Explained
In August, Microsoft released a patch for a severe security vulnerability which has been dubbed DogWalk. This exploit previously (as long as you’ve updated your system recently) allowed malicious actors to take advantage of the Microsoft Windows Support Diagnostic Tool (MSDT) and use it to deploy nefarious software.
This article will explore the background behind this vulnerability, the risks associated with it, and how to stay safe.
What is a Zero Day Exploit?
The phrase ‘Zero Day Exploits’ refers to recently discovered vulnerabilities which hackers can use to their advantage. Because these exploits are new, there may not yet be a patch or update available to fix them, leaving a large number of users at risk.
The DogWalk vulnerability is somewhat unusual for a zero day in that it was first detected way back in early 2020 by the security researcher Imre Rad, but Microsoft dismissed it as not posing a significant cybersecurity risk. This turned out to be a mistake, and DogWalk was ultimately used to perpetrate cyber attacks.
Zero days exploits are commonly sold or traded on the dark web, allowing hackers and cybercriminals to gain access to otherwise protected systems.
How Did the DogWalk Zero Day Vulnerability Work?
The DogWalk exploit, or CVE-2022-34713 as it is known in the technical community, required users to open an infected .diagcab file. Once opened, the file allowed attackers to use remote code execution to add malicious executables to the Windows startup folder.
The next time the system was restarted these executables would silently go into action, downloading additional payloads of malware.
Some high severity zero day exploits let attackers gain access to computers without the user ever downloading or clicking on a file. DogWalk, thankfully, required user interaction in order to deploy, making it harder for attackers to successfully infiltrate systems where the users were practicing good cyber hygiene.
Why is it such a big deal that it was patched?
Zero day exploits are serious security threats because they allow attackers to take advantage of security flaws within the system. Normally, modern operating systems are reasonably well hardened against attacks, keeping their crucial system components walled off from malicious access.
However, vulnerabilities like DogWalk completely bypass these protective measures and expose users to ransomware and phishing attacks.
The DogWalk zero day exploit ultimately was returned to the spotlight and given the attention it needed after another exploit, Follina or CVE-2022-30190, was detected in June 2022. Follina exploited a remote code execution vulnerability and operated on similar principles to DogWalk – again taking advantage of the Microsoft Support Diagnostic Tool.
The importance of Microsoft releasing a patch for DogWalk and Follina is that it resolves long-standing security issues that arguably should have been addressed earlier.
How can I tell if I’m vulnerable to this exploit?
All currently supported and unpatched Windows systems are impacted by this exploit, including Windows 11 and Windows Server 2022.
Non-Windows operating systems, like Apple and Linux are not susceptible to this particular vulnerability, although it remains important to keep your operating systems updated regardless of which ecosystem you’re running.
What do I need to do to fix the vulnerability?
The silver lining to this particular cloud is how easy it is to protect your system from it. All you need to do is allow Windows to install the most recent security updates. Microsoft patches are released at regular intervals and keep your system safe from threats, but all too often users defer the updates or disable them entirely.
In the case of DogWalk, having good digital hygiene would have protected unpatched systems: never open files from unknown sources! Unfortunately, threat actors have become more savvy in recent years and have been using convincing social engineering to get users to download and open their malicious files.
Conclusion
The DogWalk zero day vulnerability is a great example of why it is important to stay vigilant online and to keep your system updated. Never open files from unknown sources, and if you receive an unsolicited message that seems suspicious be extremely cautious.
In addition to updates, a robust network firewall and updated antivirus software provides risk mitigation and helps keep your small business’s systems secure.