Among the 100-plus fixes Microsoft released on Patch Tuesday this week was an update for the so-called "DogWalk" zero-day vulnerability. (Photo by David Ramos/Getty Images)Microsoft confirmed Tuesday that the so-called “DogWalk” zero-day vulnerability has already been exploited and is urging all Windows users to apply the patch as soon as possible.The remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT), CVE-2022-34713, is among the more than 100 flaws that were updated as part of Patch Tuesday for August. The DogWalk vulnerability was first reported in January 2020, but wasn’t considered to be a security issue, according to numerous outlets. However, the bug was revisited recently after the Follina vulnerability posed a threat and Microsoft released a patch for the zero-day in June.
To exploit the vulnerability, a user would have to open a specially crafted file in an email attack scenario, while the file designed to exploit the vulnerability would have to be hosted on a site in a web-based attack scenario, Microsoft wrote on the FAQ for CVE-2022-34713.
Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.
The Hacker News reports that ongoing security issues have prompted ConnectWise to schedule a rotation of digital code signing certificates for ScreenConnect, ConnectWise Remote Monitoring and Management, and ConnectWise Automate executables.
Almost 80% of government agencies have failed to address software flaws for at least a year, while 55% had enduring vulnerabilities that could be exploited in attacks, indicating "critical" security debt, Cybersecurity Dive reports.
BleepingComputer reports that at least two journalists in Europe, including Italian Ciro Pellegrino, had their iPhones subjected to zero-click attacks exploiting the zero-day flaw, tracked as CVE-2025-43200, to deploy Paragon's Graphite spyware earlier this year.
