Microsoft a mis en ligne la semaine dernière un Patch Tuesday dont le téléchargement et l’installation sont très recommandés et pour cause : ce patch corrige une faille « zero day » exploitée par des pirates. Pourtant, Microsoft aurait pu s’en occuper bien avant…
Parmi les 121 correctifs fournis par Microsoft dans son dernier Patch Tuesday, un en particulier retient l’attention. La livraison bouche en effet la vulnérabilité CVE-2022-34713, connue sous le nom « DogWalk » depuis deux ans et demi ! En décembre 2019, le chercheur Imre Rad prévenait l’éditeur de la présence de cette brèche, mais à l’époque ce dernier n’a pas voulu réagir.
Pas une faille sérieuse, selon Microsoft
Microsoft a en effet expliqué que l’exploitation de la faille nécessitait une action spécifique de l’utilisateur : il faut en effet le forcer à télécharger et à exécuter le fichier. « Tel que c’est décrit, cela ne peut pas être considéré comme une vulnérabilité. Aucune limite de sécurité n’est contournée, la preuve de concept n’augmente en aucune façon les autorisations et ne fait rien que l’utilisateur ne puisse déjà faire », avait répondu l’entreprise début 2020.
Que s’est-il passé entretemps pour que Microsoft revienne sur sa décision ? Difficile de le dire, mais il est possible que des tentatives d’exploitation de cette vulnérabilité aient finalement poussé l’éditeur à revoir sa position. Et à se mettre au travail en développant un correctif…
« DogWalk » permet d’exécuter du code arbitraire à distance via une attaque dans le module Windows Support Diagnostic Tool (MSDT). L’opération nécessite cependant que la victime télécharge un fichier, puis l’ouvre. Ce fameux module MSDT est une cible de prédilection pour les hackers, puisque c’est la deuxième fois en trois mois qu’une brèche « zero day » y est découverte.
Le retard pris par Microsoft pour colmater la faille, et l’inertie avec laquelle l’entreprise s’est occupée du problème devraient la pousser à plus de prudence à l’avenir.
01met
23 commentaires
Pretty nice post. I just stumbled upon your blog and wished to mention that I’ve truly loved surfing around your blog posts.
After all I’ll be subscribing in your feed and I hope you write once more soon!
What a material of un-ambiguity and preserveness of precious
know-how regarding unpredicted emotions.
excellent issues altogether, you just won a new reader.
What may you recommend in regards to your put up that you just made a few days ago?
Any positive?
Hi, I do believe this is a great web site. I stumbledupon it 😉 I’m going to
return once again since I book marked it. Money and freedom is the greatest way to change,
may you be rich and continue to guide other people.
What a data of un-ambiguity and preserveness of precious experience on the topic of unpredicted emotions.
It’s really very complex in this busy life to listen news on Television, so I just use the web for
that purpose, and take the most recent information.
Hi there! Would you mind if I share your blog with my myspace
group? There’s a lot of people that I think would really enjoy your
content. Please let me know. Cheers
Just want to say your article is as astounding. The clearness in your post is simply nice and i can assume you are
an expert on this subject. Well with your permission let me to grab your RSS feed to keep updated with forthcoming post.
Thanks a million and please carry on the enjoyable work.
Highly descriptive article, I loved that bit.
Will there be a part 2?
Hello there! Do you know if they make any plugins
to safeguard against hackers? I’m kinda paranoid about losing
everything I’ve worked hard on. Any recommendations?
Wonderful article! This is the kind of information that are supposed to be shared around
the net. Disgrace on Google for now not positioning this submit upper!
Come on over and visit my website . Thanks =)
Thank you for the good writeup. It actually was a entertainment
account it. Look complicated to far delivered agreeable
from you! By the way, how can we keep up a correspondence?
Right now it seems like Expression Engine is the best blogging
platform out there right now. (from what I’ve read) Is that what you are using on your
blog?
Hi there! I know this is kinda off topic however I’d figured
I’d ask. Would you be interested in exchanging links or maybe guest writing a blog post or vice-versa?
My website discusses a lot of the same subjects as yours and I think
we could greatly benefit from each other. If you might be interested
feel free to shoot me an e-mail. I look forward to hearing from you!
Great blog by the way!
I have been exploring for a bit for any high quality articles or weblog
posts in this kind of area . Exploring in Yahoo I at last stumbled upon this website.
Studying this information So i am satisfied
to exhibit that I’ve an incredibly just right uncanny feeling I came upon exactly what I needed.
I such a lot surely will make certain to do not forget this website and provides it a look regularly.
I loved as much as you’ll receive carried out right here.
The sketch is tasteful, your authored subject matter stylish.
nonetheless, you command get got an shakiness
over that you wish be delivering the following.
unwell unquestionably come further formerly again as exactly the
same nearly very often inside case you shield this hike.
I every time spent my half an hour to read this blog’s articles everyday along with a mug of coffee.
I was pretty pleased to uncover this site. I wanted to thank you for your time due
to this wonderful read!! I definitely really liked every little bit of it and
i also have you saved to fav to look at new stuff on your site.
I’ve been browsing online more than 3 hours as of late, but I never found any fascinating article like yours.
It’s beautiful worth sufficient for me. Personally, if all
website owners and bloggers made just right content
material as you did, the web can be much more useful than ever
before.
My brother suggested I might like this website. He was entirely
right. This post actually made my day. You can not imagine just how much time I had spent for this info!
Thanks!
Good way of describing, and fastidious article to obtain facts regarding my presentation subject matter, which i am
going to deliver in institution of higher education.
Hi my loved one! I want to say that this post is awesome, great written and come with approximately all vital
infos. I would like to see more posts like this .
My relatives all the time say that I am killing
my time here at web, except I know I am getting experience daily by
reading such fastidious articles or reviews.