Protection Against Exploitation

First and foremost, it is always highly recommended that users apply the vendor's patches when they become available. Please see the official advisory for more information and the official fixes that are now available through the regular Patch Tuesday process for Windows.

In addition, Trend Micro has released some detection/protection filters, rules and patterns as another layer of protection to help customers protect against potential exploitation of this vulnerability:


Trend Micro Cloud One - Network Security & TippingPoint ThreatDV Malware Protection Filters

• Filter 41635: HTTP: Suspicious WebDAV PROPFIND Response

Trend Micro Cloud One - Workload Security, Deep Security & Vulnerability Protection IPS Rules

• Rule 1011511: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (DogWalk) (CVE-2022-34713)

Trend Micro Malware Detection Patterns (VSAPI, Predictive Learning, Behavioral Monitoring and WRS) for Endpoint, Servers, Mail & Gateway (e.g. Apex One, Worry-Free Business Security Services, Worry-Free Business Security Standard/Advanced, Deep Security w/Anti-malware, etc.)

Trend Micro also has protection against known components used in exploits against this vulnerability in the form of the pattern detections:

• Trojan.XML.CVE202234713.A
• PUA.W97M.CVE202234713.A

This article will be updated as more information becomes available.