New MSDT 0-day Flaw ‘DogWalk’ Receives Free Unofficial Patches

DogWalk comes soon after another MSDT zero-day vulnerability dubbed Follina was discovered, and Microsoft claimed it was a non-security issue.

Last week, a critical 0-day security vulnerability called Follina was identified in Microsoft Office. The issue was critical and required urgent security patches. To get the vulnerability fixed quickly (it was already being exploited by Chinese hackers), 0Patch, an IT security firm based in Maribor, Slovenia, issued free but unofficial micropatches addressing the Follina vulnerability.

Now, 0Patch is at it again. It all started when security researcher Imre Rad first disclosed, in January 2020, a vulnerability that is now called DogWalk. But Microsoft ignored the flaw because the tech giant didn’t consider it a security issue. Recently, the same vulnerability was re-discovered by security researcher j00sean.

Although the vulnerability hasn’t been assigned a CVE or tracking ID yet, it is confirmed that this vulnerability drops a payload in the Startup folder of Windows at this location:

C:\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

About DogWalk

The flaw is dubbed DogWalk, and according to j00sean, it is a path traversal flaw that attackers can exploit to copy an executable to the Windows startup folder after the victim opens a
