“Microsoft patched CVE-2022-34713 and CVE-2022-35743, a pair of remote code execution (RCE) vulnerabilities in the Microsoft Windows Support Diagnostic Tool (MSDT). According to Microsoft, CVE-2022-34713 has been exploited in the wild as a zero-day and was publicly disclosed prior to a patch being available. The flaw is credited to Imre Rad, who first disclosed this type of vulnerability in MSDT back in January 2020. Microsoft originally declined to patch the flaw in 2020, but says that it qualified for a patch after a revision to its bug bar. CVE-2022-34713 appears to be a “variant” of a flaw that researchers call DogWalk.
“MSDT has received renewed focus since May, when it was discovered that attackers used a zero-day in MSDT as part of malicious Word document files. The flaw, which was dubbed Follina by security researchers, was patched in June and is identified as CVE-2022-30190.
“With reports that CVE-2022-34713 has been exploited in the wild, it would appear that attackers are looking to take advantage of flaws within MSDT as these types of flaws are extremely valuable to launch spearphishing attacks. A variety of threat actors leverage spearphishing, from advanced persistent threat (APT) groups to ransomware affiliates. We’ve seen flaws like CVE-2017-11882, a remote code execution bug in Microsoft Office, continue to be exploited years after patches have been made available. For attackers, bugs that can be executed via malicious documents remain a valuable tool, so flaws like Follina and CVE-2022-34713 will continue to be used for months. Therefore, it is vital that organizations apply the available patches as soon as possible.” – Satnam Narang, Senior Staff Research Engineer, Tenable