For attackers, bugs that can be executed via malicious documents remain a valuable tool, so flaws like Follina and CVE-2022-34713 will continue to be used for months. “We’ve seen flaws like CVE-2017-11882, a remote code execution bug in Microsoft Office, continue to be exploited years after patches have been made available. A variety of threat actors leverage spearphishing, from advanced persistent threat (APT) groups to ransomware affiliates,” commented Satnam Narang, senior staff research engineer at Tenable.

“With reports that CVE-2022-34713 has been exploited in the wild, it would appear that attackers are looking to take advantage of flaws within MSDT as these types of flaws are extremely valuable to launch spearphishing attacks. This one is related to a wave of attacks in May when malicious documents were used to gain code execution via the MSDT tool,” noted Kevin Breen, Director of Cyber Threat Research at Immersive Labs.

According to Microsoft, CVE-2022-34713 is a variant of the vulnerability publicly known as Dogwalk. “Anything actively exploited in the wild must be at the top of the list of things to patch. For an attacker to exploit it, they must trick targets into opening a specially crafted file (delivered via email or downloaded from a website).
Registry Path: \Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\

Configure the policy value for Computer Configuration -> Administrative Templates -> System -> Troubleshooting and Diagnostics -> Microsoft Support Diagnostic Tool -> "Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider" to "Disabled".

The August 2022 Patch Tuesday has arrived, with fixes for an unexpectedly high number of vulnerabilities in various Microsoft products, including two zero-days: one actively exploited (CVE-2022-34713) and one not yet (CVE-2022-30134).

CVE-2022-34713 is a vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) that allows for remote code execution.

If the following registry value does not exist or is not configured as specified, this is a finding:

Microsoft Windows Server 2012/2012 R2 Member Server Security Technical Implementation Guide

Details Check Text ( C-27057r471416_chk )

This setting prevents the MSDT from communicating with and sending collected data to Microsoft, the default support provider.

Turning off this capability will prevent potentially sensitive information from being sent outside the enterprise and uncontrolled updates to the system. Some features may communicate with the vendor, sending system information or downloading data or components for the feature.