Table of Contents
  • Home
  • /
  • Blog
  • /
  • How To Protect Your Windows Computers From DogWalk Path Traversal Vulnerability?
June 11, 2022
|
7m

How To Protect Your Windows Computers From DogWalk Path Traversal Vulnerability?


How To Protect Your Windows Computers From Dogwalk Path Traversal Vulnerability

There is another unpatched security vulnerability pertaining to Microsoft’s Troubleshooting tool named Microsoft Support Diagnostics Tool (MSDT) has emerged when the Follina vulnerability with identifier CVE-2022-30190 is still in active exploitation. The flaw doubled “DogWalk Vulnerability” is a path traversal vulnerability in MSDT. The flaw has not been assigned an identifier, and no CVSS score has been calculated yet to measure the severity of the flaw. The issue was actually identified in 2020 and reported to Microsoft. To the bad, Microsoft has not taken the vulnerability seriously, and no patches were released at least till Opatchhe date this post was published. Since attackers can use DogWalk Path Traversal Vulnerability to compromise all Windows operating systems, both Workstation and Server versions, it is important to address this vulnerability as soon as you can. We have created this post to show you how to protect your Windows computers from DogWalk Path Traversal Vulnerability.

Understanding Microsoft Support Diagnostic Tool (MSDT):

MSDT is a powerful tool that can help you diagnose and repair problems with your Windows-based computer. MSDT can be used to troubleshoot a wide variety of Windows-related issues, including crashes, hangs, and blue screens. MSDT is available for download from the Microsoft website. It is important to note that MSDT requires a valid support contract from Microsoft in order to use it.

Once you have downloaded and installed MSDT, you can launch it by clicking Start, then All Programs, then Accessories, then Microsoft Support Diagnostic Tool. MSDT will automatically scan your computer for common problems and attempt to resolve them automatically. If MSDT is unable to resolve a problem, it will provide you with information that you can use to contact Microsoft support for further assistance.

File Types Associated With Microsoft Support Diagnostic Tool (MSDT):

MSDT is located at ‘%WINDIR%\System32\msdt.exe’ on your Windows computer and associated with dump files and log files. Dump files contain a snapshot of your system’s current state, while log files track changes to your system over time. Well, rather than going deep into its file system, we should restrict this discussion to these three file types, which are more reverent to understand this flaw.

File TypeDescription
.diagcabDiagnostic Cabinet file
.diagpkgDiagnostic Package file
.diagcfgDiagnostic Configuration file

diagcab is simple XML files packed into Microsoft cabinet (.cab) file archives with .diagcab file extension that stores the diagnostic packages references and their metadata. 

Summary Of DogWalk Path Traversal Vulnerability:

In short, DogWalk is a Path Traversal Vulnerability in Microsoft’s Troubleshooting tool named Microsoft Support Diagnostics Too (MSDT). Attackers can abuse this flaw to compromise a computer by crafting a diagnostic package. 

Microsoft has loaded diagnostic packages to help troubleshoot the issues. However, it has allowed Windows to download the additional missed out diagnostic packages from the internet. Microsoft has implemented integrity checks for the downloaded packages to ensure security. But, this DogWalk Path Traversal Vulnerability has created a way for attackers to save any files to any locations on the file system with the user’s permission before the integrity check takes place. Please check out this post published by Imre Rad for more technical details.

Attackers could take advantage of this flaw by dropping a malicious file to the Startup folder of Windows so that the file will be executed during the Windows startup. Attackers deliver such malicious packages as an attachment or web link in the email.

How Does DogWalk Path Traversal Vulnerability Be Exploited?

Published by Opatch

PoC Of DogWalk Path Traversal Vulnerability:

The author of this vulnerability has created a webdab PoC server for testing purposes. Those who want to test their Windows machine can visit the link and download the .diagcab file. Opatch has published this small video clip that clearly shows how a file will get created in the Windows Startup location. 

If you want to try the POC. 

  1. Download the .diagcab file from: https://irsl.github.io/microsoft-diagcab-rce-poc/

  2. Press CTRL+R, then type ‘shell:startup‘ to browse the Windows Startup Programs location.

  3. Execute the downloaded file. You will see a calc.exe created in the Startup location. This proves that your Windows computer is vulnerable to the flaw.

Created by Opatch

How To Protect Your Windows Computers From DogWalk Path Traversal Vulnerability?

Well, there are no official patches rolled out from Microsoft to permanently fix the DogWalk Path Traversal Vulnerability. However, you can protect your Windows computers from DogWalk Path Traversal Vulnerability with the help of a third-party security application, Opatch.

Opatch is an incredible microscopic solution for security issues. It uses tiny patches of code ( “micropatches”) to fix software bugs in a variety of open-source and even proprietary products, servers, workstations, and other hardware devices. When you use 0patch, there are no reboots or downtime, and you don’t have to worry about a large official update causing havoc in production.

0patch is making the patch deployment process shorter and less complicated for both corporate users and administrators. Because it is reducing the patch deployment time from months to just hours, corporations welcome its lightness and simplicity. It’s simple to review tiny micropatches, and being able to apply and remove them immediately locally or remotely makes production testing a lot easier.

Opatch has published micropatches for most of the Windows Operating Systems:

  1. Windows 11 v21H2

  2. Windows 10 v21H2

  3. Windows 10 v21H1

  4. Windows 10 v20H2

  5. Windows 10 v2004

  6. Windows 10 v1909

  7. Windows 10 v1903

  8. Windows 10 v1809

  9. Windows 10 v1803

  10. Windows 7

  11. Windows Server 2008 R2

  12. Windows Server 2012

  13. Windows Server 2012 R2

  14. Windows Server 2016

  15. Windows Server 2019 

  16. Windows Server 2022 

Let’s see how to protect your Windows computers from DogWalk Path Traversal Vulnerability using Opatch.

Step 1. Create a free account in Opatch

Visit Optch and login if you have an account created or register using an email ID.

Note: It’s a free registration.
https://central.0patch.com/auth/login


Step 2. Download free Opatch agent

Download the Opatch agent from here: https://0patch.com/

Step 3. Execute the Opatch agent

You do not need to do anything big to install the patch. Launch the agent, the patch will be installed by itself.

Step 4. Accept License agreement
Step 5. Select installation folder

Choose the installation path. If not keep the default.

Step 6. Confirm installation
Step 7. Finish Opatch agent installation
Step 8. Sign into Opatch agent
Step 9. Opatch dashboard

You will start seeing the number of available updates on the dashboard upon signing in to the agent.

Step 10. Protect Your Windows Computers from DogWalk Path Traversal Vulnerability

Click on the ‘PATCH WAS APPLIED’ tiles to see the patch was applied for DogWalk Path Traversal Vulnerability.

We hope this post would help you how to protect your Windows computers from DogWalk Path Traversal Vulnerability. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblrMedium & Instagram, and subscribe to receive updates like this.

You may also like these articles:

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Vulnerabilities

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.

Tools

Featured

View All

Learn Something New with Free Email subscription

Subscribe

Subscribe