CISA Warns Of Windows And UnRAR Bugs Exploited In The Wild

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of two vulnerabilities exploited in the wild. The flaws have been added to the list of Known Exploited Vulnerabilities based on evidence of active exploitation.

For both vulnerabilities, federal authorities in the U.S. are expected to apply the updates from the vendors by August 30.

The first bug tracked as CVE-2022-34713 is formally referred to as DogWalk, while the second bug tracked as CVE-2022-30333 is a path traversal bug in the UnRAR utility for Linux and Unix systems.

The DogWalk vulnerability (CVE-2022-34713) is a vulnerability in MSDT that allows attackers to place a malicious executable program in the Windows Startup folder. According to Microsoft, successful exploitation requires user interaction that can be bypassed via social engineering, especially in email and web-based attacks.

The UnRAR bug (CVE-2022-30333) found in the UnRAR utility for Linux and Unix systems allows an attacker to use it to place a malicious file on the target system by extracting it to any location during the unpack operation.

For most affected versions of Windows, an unofficial patch for CVE-2022-34713 is available from the 0patch micropatching service. Microsoft has also fixed the bug as part of the security updates for Windows released in August 2022.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web