Last week Microsoft released a Patch Tuesday update that users are strongly advised to download and install, and for good reason: it fixes a zero-day flaw exploited by attackers. Yet Microsoft could have dealt with it much earlier…

Among the 121 fixes Microsoft shipped in its latest Patch Tuesday, one in particular stands out. The release closes the vulnerability CVE-2022-34713, which has been known as “DogWalk” for two and a half years! In December 2019, researcher Imre Rad warned the vendor about this flaw, but at the time Microsoft declined to act.

Not a serious flaw, according to Microsoft
Microsoft explained that exploiting the flaw required a specific action by the user: the user has to be induced to download and run the file. “As described, this cannot be considered a vulnerability. No security boundary is bypassed, the proof of concept does not elevate permissions in any way, and it does nothing the user could not already do,” the company replied in early 2020.

What happened in the meantime to make Microsoft reverse its decision? It is hard to say, but attempts to exploit the vulnerability may have finally pushed the vendor to reconsider its position. And to get to work on developing a fix…

“DogWalk” allows remote execution of arbitrary code through an attack on the Windows Support Diagnostic Tool (MSDT) module. The operation does, however, require the victim to download a file and then open it. The MSDT module is a favourite target for hackers: this is the second time in three months that a zero-day flaw has been discovered in it.

Microsoft's delay in plugging the flaw, and the inertia with which the company handled the problem, should push it to be more careful in the future.

01met
