Tracked as CVE-2022-34713, successful exploitation requires the victim to be convinced to open a specially crafted file, which can be delivered either via email or an attacker-controlled or compromised website. As such, it is rated merely important as opposed to critical.

This is the second major MSDT vulnerability to have been fixed by Microsoft in the past few months, following the disclosure of the dangerous Follina zero-day at the end of May, which was patched in June.

“With reports that CVE-2022-34713 has been exploited in the wild, it would appear that attackers are looking to take advantage of flaws within MSDT as these types of flaws are extremely valuable to launch spear phishing attacks,” said Tenable senior staff research engineer Satnam Narang.

“A variety of threat actors leverage spear phishing, from advanced persistent threat (APT) groups to ransomware affiliates,” he said.

“For attackers, bugs that can be executed via malicious documents remain a valuable tool, so flaws like Follina and CVE-2022-34713 will continue to be used for months. Therefore, it is vital that organisations apply the available patches as soon as possible.”

Qualys director of vulnerability and threat research Bharat Jogi added: “The DogWalk zero-day vulnerability is not new to the industry. It was initially reported back in 2019, but not deemed a vulnerability as it was believed to require significant user interaction to exploit, and there were various other mitigations in place.