Microsoft has patched 55 vulnerabilities in Windows, three of which were rated critical. In particular, the Follina zero-day flaw is fixed. Unfortunately, this is not the case for the zero-day DogWalk flaw, which remains active.
As on every second Tuesday of the month, Microsoft has released its Patch Tuesday updates, a set of patches for Windows 10 and Windows 11. The June 2022 edition fixes 55 vulnerabilities, including the Follina zero-day flaw. Unfortunately, another zero-day flaw, called DogWalk, is still active, as security researcher j00sean reports on Twitter.
#DogWalk with remote shared location is still working, no prompting of MoTW yet. It sounds no changes. https://t.co/gUUz95HxVK pic.twitter.com/rjpd8OzZJ0
— j00sean (@j00sean) June 14, 2022
This flaw falls into the “path traversal” category and affects the Microsoft Support Diagnostic Tool (MSDT). It allows a hacker to copy an executable file to the Windows startup folder. To do so, the attacker sends the victim a malicious file with the .diagcab extension, which performs the copy when it is opened. The next time the machine starts, the executable file is launched automatically. The flaw was reported to Microsoft at the end of 2019, but the publisher declined to fix it, reasoning that a diagcab file does not fall into the category of executables. According to Microsoft, this type of file is automatically blocked by the Outlook email program. Unfortunately, the file can be downloaded by other means, for example with a web browser, and the Microsoft Support Diagnostic Tool opens it without warning. Hopefully the publisher changes its mind for next month’s Patch Tuesday.
Follina zero-day flaw is patched
In the meantime, the June patch set fixes another zero-day vulnerability called Follina. It also abuses the Microsoft Support Diagnostic Tool (MSDT), but in a different way. The victim receives a malicious Word document which, when opened, can execute PowerShell code by calling the diagnostic tool through the ms-msdt: protocol. Before the patch arrived, a workaround made it possible to deactivate the protocol by modifying the registry. The Follina flaw has been used by hackers to attack US government agencies and Ukrainian media.
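As a detection-side illustration of the DogWalk and Follina behaviour described above, the following added example (not from the original article or from Microsoft) flags the three observable steps: MSDT started through the ms-msdt: protocol or by an Office application, MSDT opening a .diagcab package, and an executable appearing in a Startup folder. The event field names, the list of Office parents and extensions, and all sample events are assumptions constructed for the example.

```python
import ntpath

# Assumed event shape (hypothetical, loosely modelled on EDR process/file telemetry).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
STARTUP_DIR = "\\start menu\\programs\\startup\\"
EXECUTABLE_EXT = (".exe", ".dll", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".lnk")

def _basename(path):
    return ntpath.basename(path or "").lower()

def classify(event):
    """Return the list of finding names raised by one telemetry event."""
    findings = []
    if event["type"] == "process_create" and _basename(event["image"]) == "msdt.exe":
        cmd = event.get("command_line", "").lower()
        if "ms-msdt:" in cmd:
            findings.append("msdt-started-through-url-protocol")
        if _basename(event.get("parent_image")) in OFFICE_PARENTS:
            findings.append("msdt-child-of-office-app")
        if ".diagcab" in cmd:
            findings.append("msdt-opened-diagcab")
            if "\\\\" in cmd:  # UNC path: package opened from a remote share
                findings.append("diagcab-from-remote-share")
    elif event["type"] == "file_create":
        target = event.get("target", "").lower()
        if STARTUP_DIR in target and target.endswith(EXECUTABLE_EXT):
            findings.append("executable-dropped-in-startup-folder")
    return findings

# Constructed sample events, not taken from a real incident.
SAMPLE_EVENTS = [
    {"type": "process_create", "image": r"C:\Windows\System32\msdt.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "command_line": r"C:\Windows\System32\msdt.exe ms-msdt:<constructed-arguments>"},
    {"type": "process_create", "image": r"C:\Windows\System32\msdt.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r'msdt.exe /cab "\\files.example\share\printer-fix.diagcab"'},
    {"type": "file_create",
     "target": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\helper.exe"},
    {"type": "process_create", "image": r"C:\Windows\System32\msdt.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"msdt.exe /id <constructed-pack-id>"},
]

def scan(events):
    """Map event index to findings, skipping events that raise none."""
    return {i: f for i, f in enumerate(map(classify, events)) if f}
```

Calling `scan(SAMPLE_EVENTS)` reports the first three events and leaves the ordinary troubleshooter launch in the fourth unflagged.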
The 55 vulnerabilities addressed by the June Patch Tuesday can be classified into the following categories:
- Privilege elevation: 12 important
- Remote Code Execution: 24 important and 3 critical
- Disclosure of information: 11 important
- Denial of service: 3 important
- Security feature bypass: 1 important
- Spoofing: 1 important
Remember that Windows updates are done automatically by Windows Update, but you can also trigger the operation manually so you don’t have to wait. To do this, type Windows Update in the desktop search box (use the magnifying glass icon at the bottom of the desktop for Windows 11) and click on the option Check for updates.
Finally, Microsoft also released patches for its Edge browser in early June to fix five vulnerabilities, including one that could allow hackers to execute code remotely.
Neowin
The post Windows: Microsoft fixes a serious zero-day flaw… but lets another one threaten users appeared first on Gamingsym.