Microsoft fixes a major zero-day flaw … but lets another threaten users


Microsoft fixed 55 vulnerabilities in Windows, three of which were rated critical. In particular, the Follina zero-day flaw is resolved. Unfortunately, this is not the case with the DogWalk zero-day flaw, which remains active.

As on every second Tuesday of the month, Microsoft has released its Patch Tuesday updates, a series of patches for Windows 10 and Windows 11. The June 2022 edition addresses 55 vulnerabilities, including the Follina zero-day flaw. Unfortunately, another zero-day flaw is still active, security researcher j00sean reports on Twitter. It is called DogWalk.

This flaw falls under the “path traversal” category and affects the Microsoft Support Diagnostic Tool (MSDT). It allows a hacker to copy an executable file to the Windows startup folder. To do this, the victim is sent a malicious file with the extension .diagcab, which performs the operation when it is opened. The next time the machine is started, the executable file runs automatically. The flaw was reported to Microsoft in late 2019, but the publisher did not see fit to fix it, considering that a diagcab file does not fall into the category of executables. According to Microsoft, this type of file is automatically blocked by the Outlook e-mail program. Unfortunately, the file can be downloaded by other means, for example with a web browser. And it can be opened without any warning by the Microsoft Support Diagnostic Tool. Hopefully, the publisher will change its mind for next month's Patch Tuesday.
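The check whose absence makes a path traversal possible can be sketched as follows. This is an added example, not Microsoft's code or anything from the original article: the extraction directory, the member names and the function names are constructed for illustration, and it assumes an extractor that writes each archive member below a single destination directory.

```python
import ntpath  # Windows path rules; works on any OS

# Constructed sample data: hypothetical extraction directory and member names.
DEST = r"C:\Users\alice\AppData\Local\Temp\SDIAG_demo"
SAMPLE_MEMBERS = [
    "TS_Main.ps1",
    "resources/strings.xml",
    r"..\..\..\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\example.exe",
    "sub/../../outside.txt",
    r"C:\Windows\Temp\x.dll",
    r"\\fileserver\share\tool.exe",
]

def resolve_member(dest_dir, member):
    """Return the path a member would be written to, or raise ValueError
    if that path is not strictly inside dest_dir."""
    member = member.replace("/", "\\")  # Windows accepts both separators
    drive, _ = ntpath.splitdrive(member)
    # Drive-qualified (C:\x, C:x), UNC (\\host\share) and rooted (\x) names
    # would make join() discard the destination directory entirely.
    if drive or member.startswith("\\"):
        raise ValueError("absolute member name: %r" % member)
    base = ntpath.normpath(dest_dir)
    # normpath collapses "..", so the result is where the file really lands.
    target = ntpath.normpath(ntpath.join(base, member))
    # Compare case-insensitively, as Windows file systems do by default.
    base_n, target_n = ntpath.normcase(base), ntpath.normcase(target)
    if target_n == base_n or ntpath.commonpath([base_n, target_n]) != base_n:
        raise ValueError("member escapes destination: %r" % member)
    return target

def audit(dest_dir, members):
    """Return (member, allowed) pairs for every member name."""
    results = []
    for name in members:
        try:
            resolve_member(dest_dir, name)
            results.append((name, True))
        except ValueError:
            results.append((name, False))
    return results

if __name__ == "__main__":
    for name, ok in audit(DEST, SAMPLE_MEMBERS):
        print("allow " if ok else "REJECT", name)
```

The third constructed name shows why the startup folder is reachable: three `..` components climb out of the temporary directory before the path descends again.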

The Follina zero-day flaw is fixed

Meanwhile, the June patch set fixes another zero-day vulnerability, called Follina. It also uses the Microsoft Support Diagnostic Tool (MSDT), but in a different way. The victim receives a malicious Word document which, once opened, can execute PowerShell code by calling the diagnostic tool via the ms-msdt: protocol. Before the patch arrived, a workaround allowed the protocol to be disabled by modifying the registry. The Follina flaw was used by hackers to attack US government agencies and Ukrainian media.

The 55 vulnerabilities addressed by Patch Tuesday in June can be classified into the following categories:

  • Elevation of privilege: 12 important
  • Remote code execution: 24 important and 3 critical
  • Information disclosure: 11 important
  • Denial of service: 3 important
  • Security feature bypass: 1 important
  • Identity theft (spoofing): 1 important

Remember that Windows updates are installed automatically by Windows Update, but you can also trigger the task manually so you don’t have to wait. To do this, type “Windows update” in the desktop search box (use the magnifying glass icon at the bottom of the desktop for Windows 11) and click the “Check for updates” option.

Finally, Microsoft also released patches for its Edge browser in early June to fix five vulnerabilities, including one that could allow hackers to execute code remotely.
