
DogWalk zero-day Windows bug receives patch - but not from Microsoft

Graham CLULEY

June 10, 2022


A Windows zero-day vulnerability dubbed "DogWalk" has not received an official patch yet from Microsoft, but that hasn't stopped others from offering free fixes to protect users.

The "DogWalk" flaw, which resides in Microsoft's Diagnostic Tool (MSDT) and affects all Windows versions going back as far as Windows 7 and Server 2008, was first disclosed to the public by security researcher Imre Rad in January 2020.

DogWalk is a path traversal flaw that could allow files to be saved to locations on the file system without appropriate checks being made. As a result, malicious code could be dropped in the Startup folder of a Windows PC, where it would be executed the next time the user logs in.
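The bug class described above, shown from the defender's side as an added example (not code from this article, from Microsoft, or from 0patch): a save routine that trusts a supplied file name, next to one that resolves the destination and refuses anything outside the intended directory. The directory names, user name and file names are constructed sample values.

```python
import ntpath  # Windows path rules, usable on any OS

# Constructed sample paths (assumptions; not taken from the article or from MSDT).
BASE_DIR = r"C:\Users\alice\AppData\Local\Temp\diag"
STARTUP_DIR = (r"C:\Users\alice\AppData\Roaming\Microsoft\Windows"
               r"\Start Menu\Programs\Startup")
TRAVERSAL_NAME = (r"..\..\..\Roaming\Microsoft\Windows"
                  r"\Start Menu\Programs\Startup\example.exe")


def naive_destination(base_dir, supplied_name):
    """Flawed pattern: trust the supplied name and join it to the base directory."""
    return ntpath.normpath(ntpath.join(base_dir, supplied_name))


def safe_destination(base_dir, supplied_name):
    """Resolve the destination, then require it to stay inside base_dir."""
    base = ntpath.normcase(ntpath.normpath(base_dir))
    dest = ntpath.normpath(ntpath.join(base_dir, supplied_name))
    # commonpath() compares whole components, so "diag_other" does not pass as
    # a child of "diag"; it raises ValueError when the drives differ.
    common = ntpath.commonpath([base, ntpath.normcase(dest)])
    if common != base or ntpath.normcase(dest) == base:
        raise ValueError(f"destination escapes {base_dir!r}: {supplied_name!r}")
    return dest


def is_rejected(supplied_name, base_dir=BASE_DIR):
    """True when safe_destination() refuses the supplied name."""
    try:
        safe_destination(base_dir, supplied_name)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("naive:", naive_destination(BASE_DIR, TRAVERSAL_NAME))
    for name in ("report.txt", TRAVERSAL_NAME, r"D:\other\example.exe"):
        print(f"{name!r}: {'rejected' if is_rejected(name) else 'accepted'}")
```

The check runs on the resolved path rather than on the raw string, so absolute paths and names on another drive are refused along with `..` sequences.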

At the time, Microsoft said that it would not be fixing the bug as it did not view it as satisfying its vulnerability criteria, and "DogWalk" remained largely forgotten until last week, when another flaw in MSDT that was being exploited in the wild - "Follina" - made the headlines of IT media outlets.

Although Microsoft may not feel that DogWalk is worthy of fixing, there are clearly organisations and individuals who would like the software on their computers to work properly and securely, and it is for them that the 0patch micropatching service released a collection of free, unofficial patches.

"Since this is a '0day' vulnerability with no official vendor fix available, we are providing our micropatches for free until such fix becomes available," said 0patch's Mitja Kolsek.

Now, the million-dollar question is this: should you apply this third-party unofficial patch on your computer systems?

That's not a question that I can answer for you. In an ideal world, you will always use the official security patch issued directly by the software's developer, rather than a third party.

But if your vendor hasn't released a patch - or even seems unwilling to believe that one is required - then you need to judge for yourself whether you feel your systems might be at risk if left undefended.

Whatever you decide, the best defence is a layered defence. Don’t just rely on a specific security patch but instead keep your IT systems and sensitive data defended with a variety of protection layers. For instance, run an up-to-date anti-virus program, and ensure that controls are in place to manage users' levels of access.
