Security News > 2022 > October > Windows Mark of the Web bypass zero-day gets unofficial patch

A free unofficial patch has been released through the 0patch platform to address an actively exploited zero-day flaw in the Windows Mark of the Web security mechanism.
Windows automatically adds MotW flags to all documents and executables downloaded from untrusted sources, including files extracted from downloaded ZIP archives, using a special 'Zone.Id' alternate data stream.
These MotW labels tell Windows, Microsoft Office, web browsers, and other apps that the file should be treated with suspicion and will cause warnings to be displayed to the user that opening the files could lead to dangerous behavior, such as malware being installed on the device.
As ACROS Security CEO and co-founder of the 0patch micropatching service Mitja Kolsek explains, MotW is an essential Windows security mechanism since Smart App Control will only work on files with MotW flags and Microsoft Office will only block macros on documents tagged with MotW labels.
Windows Server 2012 R2. Windows Server 2008 R2 with or without ESU. To install the micropatches on your Windows device, register a 0patch account and install its agent.
You can see 0patch's Windows micropatches in action in the video below.
News URL
Related news
- New Windows zero-day leaks NTLM hashes, gets unofficial patch (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017 (source)
- New Windows zero-day exploited by 11 state hacking groups since 2017 (source)