How To Protect Your Windows Computers From DogWalk Path Traversal Vulnerability?

There is another unpatched security vulnerability pertaining to Microsoft’s Troubleshooting tool named Microsoft Support Diagnostics Tool (MSDT) has emerged when the Follina vulnerability with identifier CVE-2022-30190 is still in active exploitation. The flaw doubled “DogWalk Vulnerability” is a path traversal vulnerability in MSDT. The flaw has not been assigned an identifier, and no CVSS score has been calculated yet to measure the severity of the flaw. The issue was actually identified in 2020 and reported to Microsoft. To the bad, Microsoft has not taken the vulnerability seriously, and no patches were released at least till Opatchhe date this post was published. Since attackers can use DogWalk Path Traversal Vulnerability to compromise all Windows operating systems, both Workstation and Server versions, it is important to address this vulnerability as soon as you can. We have created this post to show you how to protect your Windows computers from DogWalk Path Traversal Vulnerability.

Understanding Microsoft Support Diagnostic Tool (MSDT):

MSDT is a powerful tool that can help you diagnose and repair problems with your Windows-based computer. MSDT can be used to troubleshoot a wide variety of Windows-related issues, including crashes, hangs, and blue screens. MSDT is available for download from the Microsoft website. It is important to note that MSDT requires a valid support contract from Microsoft in order to use it.

Once you have downloaded and installed MSDT, you can launch it by clicking Start, then All Programs, then Accessories, then Microsoft Support Diagnostic Tool. MSDT will automatically scan your computer for common problems and attempt to resolve them automatically. If MSDT is unable to resolve a problem, it will provide you with information that you can use to contact Microsoft support for further assistance.

See also  Understanding the OWASP Top 10 2021 Application Security Risks

File Types Associated With Microsoft Support Diagnostic Tool (MSDT):

MSDT is located at ‘%WINDIR%System32msdt.exe’ on your Windows computer and associated with dump files and log files. Dump files contain a snapshot of your system’s current state, while log files track changes to your system over time. Well, rather than going deep into its file system, we should restrict this discussion to these three file types, which are more reverent to understand this flaw.

File TypeDescription
.diagcabDiagnostic Cabinet file
.diagpkgDiagnostic Package file
.diagcfgDiagnostic Configuration file

diagcab is simple XML files packed into Microsoft cabinet (.cab) file archives with .diagcab file extension that stores the diagnostic packages references and their metadata. 

Summary Of DogWalk Path Traversal Vulnerability:

In short, DogWalk is a Path Traversal Vulnerability in Microsoft’s Troubleshooting tool named Microsoft Support Diagnostics Too (MSDT). Attackers can abuse this flaw to compromise a computer by crafting a diagnostic package. 

Microsoft has loaded diagnostic packages to help troubleshoot the issues. However, it has allowed Windows to download the additional missed out diagnostic packages from the internet. Microsoft has implemented integrity checks for the downloaded packages to ensure security. But, this DogWalk Path Traversal Vulnerability has created a way for attackers to save any files to any locations on the file system with the user’s permission before the integrity check takes place. Please check out this post published by Imre Rad for more technical details.

Attackers could take advantage of this flaw by dropping a malicious file to the Startup folder of Windows so that the file will be executed during the Windows startup. Attackers deliver such malicious packages as an attachment or web link in the email.

How Does DogWalk Path Traversal Vulnerability Be Exploited?

Published by Opatch

See also  Essential Strategies for Managing Information Security Operations

PoC Of DogWalk Path Traversal Vulnerability:

The author of this vulnerability has created a webdab PoC server for testing purposes. Those who want to test their Windows machine can visit the link and download the .diagcab file. Opatch has published this small video clip that clearly shows how a file will get created in the Windows Startup location. 

If you want to try the POC. 

  1. Download the .diagcab file from:
  2. Press CTRL+R, then type ‘shell:startup‘ to browse the Windows Startup Programs location.
  3. Execute the downloaded file. You will see a calc.exe created in the Startup location. This proves that your Windows computer is vulnerable to the flaw.

Created by Opatch

How To Protect Your Windows Computers From DogWalk Path Traversal Vulnerability?

Well, there are no official patches rolled out from Microsoft to permanently fix the DogWalk Path Traversal Vulnerability. However, you can protect your Windows computers from DogWalk Path Traversal Vulnerability with the help of a third-party security application, Opatch.

Opatch is an incredible microscopic solution for security issues. It uses tiny patches of code ( “micropatches”) to fix software bugs in a variety of open-source and even proprietary products, servers, workstations, and other hardware devices. When you use 0patch, there are no reboots or downtime, and you don’t have to worry about a large official update causing havoc in production.

0patch is making the patch deployment process shorter and less complicated for both corporate users and administrators. Because it is reducing the patch deployment time from months to just hours, corporations welcome its lightness and simplicity. It’s simple to review tiny micropatches, and being able to apply and remove them immediately locally or remotely makes production testing a lot easier.

See also  How Do (ALPACA ) TLS Cross-Protocol Attacks Lets Attackers Redirect HTTPS Traffic

Opatch has published micropatches for most of the Windows Operating Systems:

  1. Windows 11 v21H2
  2. Windows 10 v21H2
  3. Windows 10 v21H1
  4. Windows 10 v20H2
  5. Windows 10 v2004
  6. Windows 10 v1909
  7. Windows 10 v1903
  8. Windows 10 v1809
  9. Windows 10 v1803
  10. Windows 7
  11. Windows Server 2008 R2
  12. Windows Server 2012
  13. Windows Server 2012 R2
  14. Windows Server 2016
  15. Windows Server 2019 
  16. Windows Server 2022 

Let’s see how to protect your Windows computers from DogWalk Path Traversal Vulnerability using Opatch.

Time needed: 5 minutes.

How to Protect Your Windows Computers from DogWalk Path Traversal Vulnerability?

  1. Create a free account in OpatchVisit Optch and login if you have an account created or register using an email ID.

    Note: It’s a free registration.

    Login to Opatch for free
  2. Download free Opatch agentDownload the Opatch agent from here:

    Download free Opatch agent
  3. Execute the Opatch agentYou do not need to do anything big to install the patch. Launch the agent, the patch will be installed by itself.

    Install Opatch agent
  4. Accept License agreementOpatch agent- Accept License agreement
  5. Select installation folderChoose the installation path. If not keep the default.

    Opatch agent- Seclect installation path
  6. Confirm installationOpatch agent- Confirm installation
  7. Finish Opatch agent installationFinish Opatch agent installation
  8. Sign into Opatch agentSign into Opatch agent
  9. Opatch dashboardYou will start seeing the number of available updates on the dashboard upon signing in to the agent.

    Opatch dashboard
  10. Protect Your Windows Computers from DogWalk Path Traversal VulnerabilityClick on the ‘PATCH WAS APPLIED’ tiles to see the patch was applied for DogWalk Path Traversal Vulnerability.

    Protect Your Windows Computers from DogWalk Path Traversal Vulnerability

Leave a Reply

Your email address will not be published. Required fields are marked *