- The Cybersecurity and Infrastructure Security Agency has added two flaws to its Known Exploited Vulnerabilities catalog to warn agencies.
- The Windows Support Diagnostic Tool remote code execution vulnerability was discovered two years ago, but Microsoft denied that it was a security issue.
- The UnRAR vulnerability, which has a CVSS score of 7.5, can allow an attacker to write to files during an extract operation.
The Cybersecurity and Infrastructure Security Agency (CISA) announced that it has added two new vulnerabilities to its Known Exploited Vulnerabilities catalog. This means CISA has evidence that these two vulnerabilities are currently being exploited in the wild. They are the Microsoft Windows Support Diagnostic Tool remote code execution vulnerability and the RARLAB UnRAR directory traversal vulnerability.
High severity score
While both vulnerabilities have high severity scores, Microsoft’s vulnerability is not new. Imre Rad reported it to the company in January 2020, but the tech giant claimed that it wasn’t a security risk and dismissed it. Security researcher j00sean published video proof of the vulnerability being exploited. It was addressed in the August security update.
This is for sure an underrated 0day on Microsoft Support Diagnostics Tool. To summarize:
1) Persistence by startup folder.
2) MOTW bypass.
3) Not flagged by chromium-based file downloaders (Chrome, Edge or Opera).
4) Defender bypass.
— j00sean (@j00sean) June 2, 2022
On CISA’s list, the vulnerabilities are described as:
- CVE-2022-34713: A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application.
- CVE-2022-30333: RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation.
The path traversal bug found in the UnRAR utility for Linux and Unix systems can allow attackers to plant malicious files. The vulnerability, found by SonarSource, lets an attacker have a file written to an arbitrary location while the archive is being unpacked. Federal agencies are required to apply the patches before August ends.
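As an added illustration (not code from UnRAR, SonarSource or CISA), the sketch below shows the kind of pre-extraction audit that keeps archive members inside the destination directory on a POSIX system. It goes beyond the one-line description above by also checking symlink members; `Entry`, `audit_entries` and the sample member list are hypothetical and constructed, and the code does not reproduce the specific UnRAR flaw.

```python
import posixpath
from dataclasses import dataclass
from typing import Optional

@dataclass
class Entry:                      # hypothetical record for one archive member
    name: str
    kind: str = "file"            # "file", "dir" or "symlink"
    target: Optional[str] = None  # link target when kind == "symlink"

def _inside(root, path):
    """True if the normalised path is root itself or lies below it."""
    path = posixpath.normpath(path)
    return path == root or path.startswith(root + "/")

def audit_entries(dest, entries):
    """Return (name, reason) for each member that should not be extracted."""
    root = posixpath.normpath(dest)
    links = set()                 # paths of symlink members seen so far
    findings = []
    for e in entries:
        out = posixpath.normpath(posixpath.join(root, e.name))
        if posixpath.isabs(e.name):
            findings.append((e.name, "absolute path"))
        elif not _inside(root, out):
            findings.append((e.name, "escapes destination"))
        elif any(_inside(link, out) for link in links):
            # Conservative: a write below an archive-supplied link follows it.
            findings.append((e.name, "passes through archive symlink"))
        elif e.kind == "symlink":
            links.add(out)
            target = e.target or ""
            resolved = posixpath.join(posixpath.dirname(out), target)
            if posixpath.isabs(target) or not _inside(root, resolved):
                findings.append((e.name, "symlink target outside destination"))
    return findings

# Constructed member list, not taken from any real archive.
SAMPLE = [
    Entry("docs/readme.txt"),
    Entry("../../etc/cron.d/job"),
    Entry("/etc/passwd"),
    Entry("docs/latest", "symlink", "readme.txt"),
    Entry("cfg", "symlink", "../../home/user/.config"),
    Entry("cfg/autostart/x.desktop"),
]

if __name__ == "__main__":
    for name, reason in audit_entries("/srv/unpack", SAMPLE):
        print(f"REJECT {name}: {reason}")
```

The check is purely lexical, so it belongs in front of an extractor that unpacks into a fresh, empty directory; symlinks already present on disk are outside what it can see.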