Microsoft has fixed a remote code execution vulnerability in its MSDT diagnostics tool for Windows, first reported to the company two years ago and rediscovered in May this year.
The fix is part of this month’s Patch Wednesday, and was named Dogwalk by security researchers.
Although researcher Imre Rad reported the bug to Microsoft in January 2020, and despite the vulnerability raising its head again this year, the software giant initially declined to fix the issue.
Now, however, Microsoft has had a change of heart, accordingly to the company’s security researcher Johnathan Norman.
We finally fixed the #DogWalk vulnerable. Sadly this remained an issue for far too long. thanks to everyone who yelled at us to fix it @j00sean @ImreRad
— Johnathan Norman (@spoofyroot) August 9, 2022
After the Dogwalk vulnerability resurfaced in May this year, and exploitation attempts were recorded by Microsoft, the company issued workaround guidance for users.
August Patch Wednesday handles a record 141 vulnerabilities in different Microsoft products.
Among these is an information leak bug that affects Exchange Server, given the Common Vulnerabilities and Exposures index of CVE-2022-30134.
Attackers exploiting the bug can read emails, Microsoft warned.
Simply patching isn’t enough to handle the above vulnerability above, and others affecting Exchange Server.
Microsoft said administrators need to enable the Windows Extended Protection feature on Exchange Servers to fully handle the vulnerabilities.