• Home
  • |
  • Blog
  • |
  • How To Protect Your Windows Computers From DogWalk Path Traversal Vulnerability?
How to Protect Your Windows Computers from DogWalk Path Traversal Vulnerability

There is another unpatched security vulnerability pertaining to Microsoft’s Troubleshooting tool named Microsoft Support Diagnostics Tool (MSDT) has emerged when the Follina vulnerability with identifier CVE-2022-30190 is still in active exploitation. The flaw doubled “DogWalk Vulnerability” is a path traversal vulnerability in MSDT. The flaw has not been assigned an identifier, and no CVSS score has been calculated yet to measure the severity of the flaw. The issue was actually identified in 2020 and reported to Microsoft. To the bad, Microsoft has not taken the vulnerability seriously, and no patches were released at least till the date this post was published. Since attackers can use DogWalk Path Traversal Vulnerability to compromise all Windows operating systems, both Workstation and Server versions, it is important to address this vulnerability as soon as you can. We have created this post to show you how to protect your Windows computers from DogWalk Path Traversal Vulnerability.

Understanding Microsoft Support Diagnostic Tool (MSDT):

MSDT is a powerful tool that can help you diagnose and repair problems with your Windows-based computer. MSDT can be used to troubleshoot a wide variety of Windows-related issues, including crashes, hangs, and blue screens. MSDT is available for download from the Microsoft website. It is important to note that MSDT requires a valid support contract from Microsoft in order to use it.

Once you have downloaded and installed MSDT, you can launch it by clicking Start, then All Programs, then Accessories, then Microsoft Support Diagnostic Tool. MSDT will automatically scan your computer for common problems and attempt to resolve them automatically. If MSDT is unable to resolve a problem, it will provide you with information that you can use to contact Microsoft support for further assistance.

File Types Associated With Microsoft Support Diagnostic Tool (MSDT):

MSDT is located at ‘%WINDIR%\System32\msdt.exe’ on your Windows computer and associated with dump files and log files. Dump files contain a snapshot of your system’s current state, while log files track changes to your system over time. Well, rather than going deep into its file system, we should restrict this discussion to these three file types, which are more reverent to understand this flaw.

File TypeDescription
.diagcabDiagnostic Cabinet file
.diagpkgDiagnostic Package file
.diagcfgDiagnostic Configuration file

diagcab is simple XML files packed into Microsoft cabinet (.cab) file archives with .diagcab file extension that stores the diagnostic packages references and their metadata. 

Summary Of DogWalk Path Traversal Vulnerability:

In short, DogWalk is a Path Traversal Vulnerability in Microsoft’s Troubleshooting tool named Microsoft Support Diagnostics Too (MSDT). Attackers can abuse this flaw to compromise a computer by crafting a diagnostic package. 

Microsoft has loaded diagnostic packages to help troubleshoot the issues. However, it has allowed Windows to download the additional missed out diagnostic packages from the internet. Microsoft has implemented integrity checks for the downloaded packages to ensure security. But, this DogWalk Path Traversal Vulnerability has created a way for attackers to save any files to any locations on the file system with the user’s permission before the integrity check takes place. Please check out this post published by Imre Rad for more technical details.

Attackers could take advantage of this flaw by dropping a malicious file to the Startup folder of Windows so that the file will be executed during the Windows startup. Attackers deliver such malicious packages as an attachment or web link in the email.

How Does DogWalk Path Traversal Vulnerability Be Exploited?

Published by Opatch

PoC Of DogWalk Path Traversal Vulnerability:

The author of this vulnerability has created a webdab PoC server for testing purposes. Those who want to test their Windows machine can visit the link and download the .diagcab file. Opatch has published this small video clip that clearly shows how a file will get created in the Windows Startup location. 

If you want to try the POC. 

  1. Download the .diagcab file from: https://irsl.github.io/microsoft-diagcab-rce-poc/
  2. Press CTRL+R, then type ‘shell:startup‘ to browse the Windows Startup Programs location.
  3. Execute the downloaded file. You will see a calc.exe created in the Startup location. This proves that your Windows computer is vulnerable to the flaw.

Created by Opatch

How To Protect Your Windows Computers From DogWalk Path Traversal Vulnerability?

Well, there are no official patches rolled out from Microsoft to permanently fix the DogWalk Path Traversal Vulnerability. However, you can protect your Windows computers from DogWalk Path Traversal Vulnerability with the help of a third-party security application, Opatch.

Opatch is an incredible microscopic solution for security issues. It uses tiny patches of code ( “micropatches”) to fix software bugs in a variety of open-source and even proprietary products, servers, workstations, and other hardware devices. When you use 0patch, there are no reboots or downtime, and you don’t have to worry about a large official update causing havoc in production.

0patch is making the patch deployment process shorter and less complicated for both corporate users and administrators. Because it is reducing the patch deployment time from months to just hours, corporations welcome its lightness and simplicity. It’s simple to review tiny micropatches, and being able to apply and remove them immediately locally or remotely makes production testing a lot easier.

Opatch has published micropatches for most of the Windows Operating Systems:

  1. Windows 11 v21H2
  2. Windows 10 v21H2
  3. Windows 10 v21H1
  4. Windows 10 v20H2
  5. Windows 10 v2004
  6. Windows 10 v1909
  7. Windows 10 v1903
  8. Windows 10 v1809
  9. Windows 10 v1803
  10. Windows 7
  11. Windows Server 2008 R2
  12. Windows Server 2012
  13. Windows Server 2012 R2
  14. Windows Server 2016
  15. Windows Server 2019 
  16. Windows Server 2022 

Let’s see how to protect your Windows computers from DogWalk Path Traversal Vulnerability using Opatch.

Time needed: 5 minutes.

How to Protect Your Windows Computers from DogWalk Path Traversal Vulnerability?

  1. Create a free account in Opatch

    Visit Optch and login if you have an account created or register using an email ID.

    Note: It’s a free registration.

    https://central.0patch.com/auth/login


    Login to Opatch for free

  2. Download free Opatch agent

    Download the Opatch agent from here: https://0patch.com/

    Download free Opatch agent

  3. Execute the Opatch agent

    You do not need to do anything big to install the patch. Launch the agent, the patch will be installed by itself.

    Install Opatch agent

  4. Accept License agreement

    Opatch agent- Accept License agreement

  5. Select installation folder

    Choose the installation path. If not keep the default.

    Opatch agent- Seclect installation path

  6. Confirm installation

    Opatch agent- Confirm installation

  7. Finish Opatch agent installation

    Finish Opatch agent installation

  8. Sign into Opatch agent

    Sign into Opatch agent

  9. Opatch dashboard

    You will start seeing the number of available updates on the dashboard upon signing in to the agent.

    Opatch dashboard

  10. Protect Your Windows Computers from DogWalk Path Traversal Vulnerability

    Click on the ‘PATCH WAS APPLIED’ tiles to see the patch was applied for DogWalk Path Traversal Vulnerability.

    Protect Your Windows Computers from DogWalk Path Traversal Vulnerability

We hope this post will help you how to protect your Windows computers from DogWalk Path Traversal Vulnerability. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, & Medium and subscribe to receive updates like this.

About the author

Arun KL

To know more about me. Follow me on LinkedIn
Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.