Microsoft has patched a zero-day vulnerability that is reportedly over two weeks old. The vulnerability has been dubbed Dogwalk and is actively being exploited in the wild. Alongside Dogwalk, the August Patch Tuesday released by Microsoft this week addresses 121 CVEs total, including 17 critical bugs. Dogwalk is tied to a Microsoft Windows Support Diagnostic Tool and allows a remote attacker to execute code on a system that is vulnerable to the flaw. The volume of fixes released by Microsoft is higher than what is normally expected in an August release. In addition, it is almost triple the size of last year’s patches issued in August and marks the second largest release since the start of 2022.

Dogwalk was first reported to Microsoft in January 2020 by security researcher Imre Rad. However, Microsoft did not patch the flaw until a separate set of researchers began tracking the exploitation of a flaw referred to at Follina. During this time, the Dogwalk bug was rediscovered. Microsoft’s renewed interest in the flaw was likely why it was finally patched this month.