There is another unpatched security vulnerability pertaining to Microsoft’s Troubleshooting tool named Microsoft Support Diagnostics Tool (MSDT) has emerged when the Follina vulnerability with identifier CVE-2022-30190 is still in active exploitation. The flaw doubled “DogWalk Vulnerability” is a path traversal vulnerability in MSDT. The flaw has not been assigned an identifier, and no CVSS score has been calculated yet to measure the severity of the flaw. The issue was actually identified in 2020 and reported to Microsoft. To the bad, Microsoft has not taken the vulnerability seriously, and no patches were released at least till Opatchhe date this post was published. Since attackers can use DogWalk Path Traversal Vulnerability to compromise all Windows operating systems, both Workstation and Server versions, it is important to address this vulnerability as soon as you can. We have created this post to show you how to protect your Windows computers from DogWalk Path Traversal Vulnerability.
Understanding Microsoft Support Diagnostic Tool (MSDT):
MSDT is a powerful tool that can help you diagnose and repair problems with your Windows-based computer. MSDT can be used to troubleshoot a wide variety of Windows-related issues, including crashes, hangs, and blue screens. MSDT is available for download from the Microsoft website. It is important to note that MSDT requires a valid support contract from Microsoft in order to use it.
Once you have downloaded and installed MSDT, you can launch it by clicking Start, then All Programs, then Accessories, then Microsoft Support Diagnostic Tool. MSDT will automatically scan your computer for common problems and attempt to resolve them automatically. If MSDT is unable to resolve a problem, it will provide you with information that you can use to contact Microsoft support for further assistance.
File Types Associated With Microsoft Support Diagnostic Tool (MSDT):
MSDT is located at ‘%WINDIR%System32msdt.exe’ on your Windows computer and associated with dump files and log files. Dump files contain a snapshot of your system’s current state, while log files track changes to your system over time. Well, rather than going deep into its file system, we should restrict this discussion to these three file types, which are more reverent to understand this flaw.
|Diagnostic Cabinet file
|Diagnostic Package file
|Diagnostic Configuration file
diagcab is simple XML files packed into Microsoft cabinet (.cab) file archives with .diagcab file extension that stores the diagnostic packages references and their metadata.
Summary Of DogWalk Path Traversal Vulnerability:
In short, DogWalk is a Path Traversal Vulnerability in Microsoft’s Troubleshooting tool named Microsoft Support Diagnostics Too (MSDT). Attackers can abuse this flaw to compromise a computer by crafting a diagnostic package.
Microsoft has loaded diagnostic packages to help troubleshoot the issues. However, it has allowed Windows to download the additional missed out diagnostic packages from the internet. Microsoft has implemented integrity checks for the downloaded packages to ensure security. But, this DogWalk Path Traversal Vulnerability has created a way for attackers to save any files to any locations on the file system with the user’s permission before the integrity check takes place. Please check out this post published by Imre Rad for more technical details.
Attackers could take advantage of this flaw by dropping a malicious file to the Startup folder of Windows so that the file will be executed during the Windows startup. Attackers deliver such malicious packages as an attachment or web link in the email.
How Does DogWalk Path Traversal Vulnerability Be Exploited?
Published by Opatch
PoC Of DogWalk Path Traversal Vulnerability:
The author of this vulnerability has created a webdab PoC server for testing purposes. Those who want to test their Windows machine can visit the link and download the .diagcab file. Opatch has published this small video clip that clearly shows how a file will get created in the Windows Startup location.
If you want to try the POC.
- Download the .diagcab file from: https://irsl.github.io/microsoft-diagcab-rce-poc/
- Press CTRL+R, then type ‘shell:startup‘ to browse the Windows Startup Programs location.
- Execute the downloaded file. You will see a calc.exe created in the Startup location. This proves that your Windows computer is vulnerable to the flaw.
Created by Opatch
How To Protect Your Windows Computers From DogWalk Path Traversal Vulnerability?
Well, there are no official patches rolled out from Microsoft to permanently fix the DogWalk Path Traversal Vulnerability. However, you can protect your Windows computers from DogWalk Path Traversal Vulnerability with the help of a third-party security application, Opatch.
Opatch is an incredible microscopic solution for security issues. It uses tiny patches of code ( “micropatches”) to fix software bugs in a variety of open-source and even proprietary products, servers, workstations, and other hardware devices. When you use 0patch, there are no reboots or downtime, and you don’t have to worry about a large official update causing havoc in production.
0patch is making the patch deployment process shorter and less complicated for both corporate users and administrators. Because it is reducing the patch deployment time from months to just hours, corporations welcome its lightness and simplicity. It’s simple to review tiny micropatches, and being able to apply and remove them immediately locally or remotely makes production testing a lot easier.
Opatch has published micropatches for most of the Windows Operating Systems:
- Windows 11 v21H2
- Windows 10 v21H2
- Windows 10 v21H1
- Windows 10 v20H2
- Windows 10 v2004
- Windows 10 v1909
- Windows 10 v1903
- Windows 10 v1809
- Windows 10 v1803
- Windows 7
- Windows Server 2008 R2
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
Let’s see how to protect your Windows computers from DogWalk Path Traversal Vulnerability using Opatch.
Time needed: 5 minutes.
How to Protect Your Windows Computers from DogWalk Path Traversal Vulnerability?
- Create a free account in OpatchVisit Optch and login if you have an account created or register using an email ID.
Note: It’s a free registration.
- Download free Opatch agentDownload the Opatch agent from here: https://0patch.com/
- Execute the Opatch agentYou do not need to do anything big to install the patch. Launch the agent, the patch will be installed by itself.
- Accept License agreement
- Select installation folderChoose the installation path. If not keep the default.
- Confirm installation
- Finish Opatch agent installation
- Sign into Opatch agent
- Opatch dashboardYou will start seeing the number of available updates on the dashboard upon signing in to the agent.
- Protect Your Windows Computers from DogWalk Path Traversal VulnerabilityClick on the ‘PATCH WAS APPLIED’ tiles to see the patch was applied for DogWalk Path Traversal Vulnerability.