Saturday, March 25, 2023
Home Tech New exploit threatens Microsoft Office and receives unofficial fixes from the company

New exploit threatens Microsoft Office and receives unofficial fixes from the company


new A zero-day vulnerability lurks in the Microsoft Diagnostic Tool (MSDT). By the name of DogWalk, Microsoft is ignoring it because the company believes it does not qualify for immediate service.

At the beginning of June, we already reported on another zero-day vulnerability affecting Microsoft Office and is a problem for all users using Microsoft office programs.

What is happening with this is that attackers are using Word documents that are specifically designed to be the key element when it comes to accessing the Windows Management Shell and therefore executing the lines of code they want, and nothing can stop them.

They took advantage of the vulnerability nicknamed Follina in order to be able to access the Microsoft Diagnostic Tool. With this one on the table, as with DogWlak, Microsoft only offered steps to disable MSDT and no update has been released to completely resolve this situation.


What is malware?

Regarding DogWalk, we know from Neowin that this is a path crossing vulnerability that attackers can use to copy the executable to the windows startup folder when the target opens a malicious .diagcab file (either received via email or downloaded from the Internet).

This vulnerability was first publicly disclosed in 2020 via Twitter, after Microsoft reacted in the same way it is now. However, the bug was recently re-discovered and reported again.

The 0patch micropatch is designed to address this issue. consists of 11 instructions, seemingly simple ones that block the execution of this MSDT file. Like Follina, it’s available for Windows versions, which you can find here.

We also leave you a micropatch download link in the article, which directs you to the official 0patch blog post.

Although Microsoft has said that Outlook users are not at risk because .diagcab files are automatically blocked, researchers and security experts think otherwise.

Source: Computer Hoy

Previous articleThe level of CO2 concentration in the atmosphere has reached the level that was on Earth 4 million years ago.
Next articleNew features for creators on Instagram
I am Bret Jackson, a professional journalist and author for Gadget Onus, where I specialize in writing about the gaming industry. With over 6 years of experience in my field, I have built up an extensive portfolio that ranges from reviews to interviews with top figures within the industry. My work has been featured on various news sites, providing readers with insightful analysis regarding the current state of gaming culture.


Please enter your comment!
Please enter your name here