Microsoft issued a new security bulletin as part of August 2022's regular Patch Tuesday releases for Microsoft Windows regarding a 0-Day remote code execution (RCE) vulnerability in the Windows Support Diagnostic Tool (MSDT). This vulnerability has been designated as CVE-2022-34713 and has been reported to have been exploited in-the-wild (ITW).
Protection Against ExploitationFirst and foremost, it is always highly recommended that users apply the vendor's patches when they become available. Please see the official advisory for more information and the official fixes that are now available through the regular Patch Tuesday process for Windows.
In addition, Trend Micro has released some detection/protection filters, rules and patterns as another layer of protection to help customers protect against potential exploitation of this vulnerability:
Trend Micro Cloud One - Network Security & TippingPoint ThreatDV Malware Protection Filters
- Filter 41635: HTTP: Suspicious WebDAV PROPFIND Response
Trend Micro Cloud One - Workload Security, Deep Security & Vulnerability Protection IPS Rules
- Rule 1011511: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (DogWalk) (CVE-2022-34713)
Trend Micro Malware Detection Patterns (VSAPI, Predictive Learning, Behavioral Monitoring and WRS) for Endpoint, Servers, Mail & Gateway (e.g. Apex One, Worry-Free Business Security Services, Worry-Free Business Security Standard/Advanced, Deep Security w/Anti-malware, etc.)
Trend Micro also has protection against known components used in exploits against this vulnerability in the form of the pattern detections:
This article will be updated as more information becomes available.