June 11, 2022

How To Protect Your Windows Computers From DogWalk Path Traversal Vulnerability?



Another unpatched security vulnerability in Microsoft’s troubleshooting tool, the Microsoft Support Diagnostic Tool (MSDT), has emerged while the Follina vulnerability (CVE-2022-30190) is still being actively exploited. The flaw, dubbed the “DogWalk” vulnerability, is a path traversal vulnerability in MSDT. It has not been assigned an identifier, and no CVSS score has been calculated yet to measure its severity. The issue was actually identified in 2020 and reported to Microsoft. Unfortunately, Microsoft has not taken the vulnerability seriously, and no patches had been released as of the date this post was published. Since attackers can use the DogWalk path traversal vulnerability to compromise all Windows operating systems, both workstation and server versions, it is important to address this vulnerability as soon as you can. We have created this post to show you how to protect your Windows computers from the DogWalk path traversal vulnerability.

Understanding Microsoft Support Diagnostic Tool (MSDT):

MSDT is a powerful tool that can help you diagnose and repair problems with your Windows-based computer. MSDT can be used to troubleshoot a wide variety of Windows-related issues, including crashes, hangs, and blue screens. MSDT is available for download from the Microsoft website. It is important to note that MSDT requires a valid support contract from Microsoft in order to use it.

Once you have downloaded and installed MSDT, you can launch it by clicking Start, then All Programs, then Accessories, then Microsoft Support Diagnostic Tool. MSDT will automatically scan your computer for common problems and attempt to resolve them automatically. If MSDT is unable to resolve a problem, it will provide you with information that you can use to contact Microsoft support for further assistance.

File Types Associated With Microsoft Support Diagnostic Tool (MSDT):

MSDT is located at ‘%WINDIR%\System32\msdt.exe’ on your Windows computer and is associated with dump files and log files. Dump files contain a snapshot of your system’s current state, while log files track changes to your system over time. Rather than going deep into its file system, we will restrict this discussion to three file types that are more relevant to understanding this flaw.

| File Type | Description |
| --- | --- |
| .diagcab | Diagnostic Cabinet file |
| .diagpkg | Diagnostic Package file |
| .diagcfg | Diagnostic Configuration file |

A .diagcab file is a Microsoft cabinet (.cab) archive, saved with the .diagcab file extension, that packs simple XML files storing the diagnostic package references and their metadata.

Summary Of DogWalk Path Traversal Vulnerability:

In short, DogWalk is a path traversal vulnerability in Microsoft’s troubleshooting tool, the Microsoft Support Diagnostic Tool (MSDT). Attackers can abuse this flaw to compromise a computer by crafting a diagnostic package.

Microsoft ships Windows with diagnostic packages to help troubleshoot issues. However, it also allows Windows to download additional, missing diagnostic packages from the internet, and it has implemented integrity checks on the downloaded packages to ensure security. The DogWalk path traversal vulnerability, however, gives attackers a way to save any file to any location on the file system, with the user’s permissions, before the integrity check takes place. Please check out the post published by Imre Rad for more technical details.

Attackers could take advantage of this flaw by dropping a malicious file into the Windows Startup folder so that the file is executed during Windows startup. Attackers deliver such malicious packages as an attachment or web link in an email.
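A read-only triage check for the two artifacts just described, downloaded .diagcab packages and files dropped into the Startup folders. This is an added example in PowerShell, not code from the original post or from 0patch; the 7-day look-back window and the folders searched are assumptions.

```powershell
# Added example, not from the original post. Read-only triage of the two
# artifacts described above: downloaded .diagcab packages and Startup drops.
# Requires PowerShell 4.0 or later (Get-FileHash).
$since = (Get-Date).AddDays(-7)   # assumption: 7-day look-back window

# Assumption: mail and web deliveries land in these per-user folders.
$roots = "$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop", $env:TEMP

$packages = foreach ($file in Get-ChildItem -Path $roots -Filter '*.diagcab' -Recurse -File -ErrorAction SilentlyContinue) {
    # Mark-of-the-Web is stored in the Zone.Identifier alternate data stream (NTFS).
    $motw = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $zone = ($motw | Where-Object { $_ -like 'ZoneId=*' }) -replace '^ZoneId=', ''
    [pscustomobject]@{
        Path    = $file.FullName
        Created = $file.CreationTime
        ZoneId  = $zone   # 3 = Internet zone; empty = no mark present
        SHA256  = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    }
}

# Per-user and all-users Startup folders.
$startupDirs = [Environment]::GetFolderPath('Startup'),
               [Environment]::GetFolderPath('CommonStartup')

$startupItems = foreach ($item in Get-ChildItem -LiteralPath $startupDirs -File -Force -ErrorAction SilentlyContinue) {
    if ($item.Name -eq 'desktop.ini') { continue }
    # A Startup file created after a package appeared deserves a closer look.
    $afterPackage = [bool](@($packages) | Where-Object { $_.Created -le $item.CreationTime })
    [pscustomobject]@{
        Path         = $item.FullName
        Created      = $item.CreationTime
        InWindow     = $item.CreationTime -ge $since
        AfterPackage = $afterPackage
        Signature    = (Get-AuthenticodeSignature -FilePath $item.FullName).Status
        SHA256       = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
    }
}

"Downloaded .diagcab packages found: $(@($packages).Count)"
$packages | Format-Table -AutoSize -Wrap
"Startup items (review anything unsigned, recent, or created after a package):"
$startupItems | Sort-Object Created -Descending | Format-Table -AutoSize -Wrap
```

The script changes nothing on disk; shortcuts (.lnk) in Startup will normally show as unsigned, so judge them by creation time and target rather than signature status.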

How Can the DogWalk Path Traversal Vulnerability Be Exploited?

Published by 0patch

PoC Of DogWalk Path Traversal Vulnerability:

The researcher who reported this vulnerability has created a WebDAV PoC server for testing purposes. Those who want to test their Windows machine can visit the link and download the .diagcab file. 0patch has published a small video clip that clearly shows how a file gets created in the Windows Startup location.

If you want to try the PoC:

  1. Download the .diagcab file from: https://irsl.github.io/microsoft-diagcab-rce-poc/

  2. Press CTRL+R, then type ‘shell:startup’ to browse the Windows Startup Programs location.

  3. Execute the downloaded file. You will see a calc.exe created in the Startup location. This proves that your Windows computer is vulnerable to the flaw.

Created by 0patch

How To Protect Your Windows Computers From DogWalk Path Traversal Vulnerability?

There are no official patches from Microsoft yet to permanently fix the DogWalk path traversal vulnerability. However, you can protect your Windows computers from the DogWalk path traversal vulnerability with the help of a third-party security application, 0patch.

0patch is an incredible microscopic solution for security issues. It uses tiny patches of code (“micropatches”) to fix software bugs in a variety of open-source and even proprietary products, servers, workstations, and other hardware devices. When you use 0patch, there are no reboots or downtime, and you don’t have to worry about a large official update causing havoc in production.

0patch makes the patch deployment process shorter and less complicated for both corporate users and administrators. Because it reduces patch deployment time from months to just hours, corporations welcome its lightness and simplicity. Tiny micropatches are simple to review, and being able to apply and remove them immediately, locally or remotely, makes production testing a lot easier.

0patch has published micropatches for most Windows operating systems:

  1. Windows 11 v21H2

  2. Windows 10 v21H2

  3. Windows 10 v21H1

  4. Windows 10 v20H2

  5. Windows 10 v2004

  6. Windows 10 v1909

  7. Windows 10 v1903

  8. Windows 10 v1809

  9. Windows 10 v1803

  10. Windows 7

  11. Windows Server 2008 R2

  12. Windows Server 2012

  13. Windows Server 2012 R2

  14. Windows Server 2016

  15. Windows Server 2019 

  16. Windows Server 2022 

Let’s see how to protect your Windows computers from the DogWalk path traversal vulnerability using 0patch.

Step 1. Create a free account in 0patch

Visit 0patch and log in if you already have an account, or register using an email ID.

Note: It’s a free registration.
https://central.0patch.com/auth/login


Step 2. Download the free 0patch agent

Download the 0patch agent from here: https://0patch.com/

Step 3. Execute the 0patch agent

You do not need to do anything special to install the patch. Launch the agent, and the patch will be installed by itself.

Step 4. Accept License agreement
Step 5. Select installation folder

Choose the installation path, or keep the default.

Step 6. Confirm installation
Step 7. Finish 0patch agent installation
Step 8. Sign into 0patch agent
Step 9. 0patch dashboard

You will start seeing the number of available updates on the dashboard upon signing in to the agent.

Step 10. Protect Your Windows Computers from DogWalk Path Traversal Vulnerability

Click on the ‘PATCH WAS APPLIED’ tile to confirm that the patch for the DogWalk path traversal vulnerability was applied.

We hope this post helps you protect your Windows computers from the DogWalk path traversal vulnerability.

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.
