A diagnostics tool fault that affects path traversal could allow remote code execution.
Microsoft has patched a remote code execution vulnerability that was first reported to the firm two years ago and uncovered in May of this year in its MSDT diagnostics tool for Windows.
Security experts gave the patch the name "Dogwalk" and included it in this month's Patch Wednesday.
The software giant first neglected to remedy the problem, despite the fact that researcher Imre Rad reported the defect to Microsoft in January 2020 and despite the vulnerability reappearing this year.
According to Microsoft security researcher Johnathan Norman, the firm has since changed its mind.
Microsoft released remedy instructions for customers when the Dogwalk vulnerability reappeared in May of this year and exploitation attempts were noted by the company.
An unprecedented 141 vulnerabilities in various Microsoft programs are fixed by the August Patch Wednesday.
One of these flaws, with the Common Vulnerabilities and Exposures index of CVE-2022-30134, affects Exchange Server.
Attackers who use the flaw can read emails, according to Microsoft.
To address the aforementioned vulnerability and others impacting Exchange Server, patching alone is insufficient.
To effectively address the vulnerabilities, according to Microsoft, managers must turn on the Windows Extended Protection feature on Exchange Servers.
