Windows And UnRAR Flaws Exploited In The Wild, Warns CISA

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified two more flaws that are currently being actively exploited in the wild and have added them to its list of Known Exploited Vulnerabilities Catalog.

For those unversed, theย Known Exploited Vulnerabilities Catalogย is a list of vulnerabilities that CISA has identified as being exploited, or that have been used by threat actors.

Letโ€™s have a look at both the flaws, which have received a high-severity score and are directory traversal vulnerabilities that could help threat actors install malware on the victimโ€™s system.

Windows DogWalk Bug

Officially tracked asย CVE-2022-34713ย and publicly known as DogWalk, this vulnerability in Microsoftโ€™s Windows Support Diagnostic Tool (MSDT) allows attackers to gain remote code execution (RCE) on compromised systems and add a malicious executable into the Windows Startup folder.

Apparently, the issue was originally discovered by a Hungarian security researcher, Imre Rad in December 2019 and reported to Microsoft. However, the Redmond giant dismissed his report saying it would not provide a fix, as it did not consider it a security vulnerability. As a result, Imre posted a detailed blog about the vulnerability in January 2020.

Later, security researcher j00sean brought the problem back to public attention this year by summarising what an attacker could achieve by exploiting it and provided video evidence:

 

On Monday, Microsoft issued an advisory stating that successful exploitation requires user involvement, an obstacle that can be easily overcome through social engineering, particularly in email and web-based attacks:

  • In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
  • In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.

Anย unofficial patchย has been available since early June from theย 0patch micropatching service, for the majority of the impacted Windows versions (Windows 7/10/11 and Server 2008 through 2022).

Microsoft addressedย CVE-2022-34713 on Monday by releasing the August 2022 Patch Tuesday security updates for Windows and acknowledging that the issue has been exploited in attacks.

UnRAR Bug Exploited

The second vulnerability, tagged asย CVE-2022-30333, has been added to CISAโ€™sย Known Exploited Vulnerabilities Catalog.

The security issue, which wasย disclosed by Swiss company SonarSourceย in late June, is a path traversal vulnerability found in the Linux and Unix versions of UnRAR utility. This flaw could be used by attackers for remote code execution (RCE) to compromise the business email platform, Zimbra server without validation.

Earlier this month, the Metasploit penetration testing software added an exploit code.

Federal agencies in the United States are expected to apply vendor patches for both vulnerabilities by August 30.

Source: BleepingComputer

Subscribe to our newsletter

To be updated with all the latest news

Kavita Iyer
Kavita Iyerhttps://www.techworm.net
An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human!!!

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Subscribe to our newsletter

To be updated with all the latest news

Read More

Suggested Post