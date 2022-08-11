Microsoft’s first reaction to the issue was to downplay its impact and claim that it would not be fixed.

The Windows 11 August Security Update, released last Tuesday (9) finally fixed a major system flaw that had been discovered in January 2020. Known as dogwalk (or by code CVE-2022-34713), it allows remote execution of any type of code on target machines.

The problem had been discovered by security researcher Imre Rad, who reported it to Microsoft. In season, the company ended up reducing the impacts of the issuestating that if it was not a problem and that, therefore, it would not be corrected — a stance that only changed after the breach re-explored and detailed by the researcher identified as j00sean.

In order to be explored, Dog Walk requires an attacker to add a malicious executable to the Windows boot system. Thus, when the system is restarted, it starts downloading and executing malware discreetly, ceding control of the machine to a malicious agent.

Attacks can be done via email or contaminated websites

The reason Microsoft doesn’t seem to have taken the problem very seriously at first is the fact that for it to work, an attacker would need to have physical access to his target. However, in the security update notes offered by the company, it notes that it would be possible initiate an intrusion via an email message accompanied by a specially prepared executable file.

“In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) by contenting a specially crafted file to exploit the vulnerability”, explains Microsoft.

According to the company, the loophole is present in all supported versions of Windowsincluding Windows Server 2022. The update of security released by the company also closes a serious breach that allowed the remote reading of e-mail messages and fixes 112 additional crashes17 of which are considered critical.

Source: Bleeping Computer