Exploited Windows zero-day lets JavaScript files bypass security warnings
A new Windows zero-day allows threat actors to use malicious stand-alone JavaScript files to bypass Mark-of-the-Web security warnings.
Windows includes a security feature called Mark-of-the-Web (MoTW) that flags a file as having been downloaded from the Internet, so that it is treated with caution because it could be malicious.
"While files from the Internet can be useful, this file type can potentially harm your computer. If you do not trust the source, do not open this software," reads the warning from Windows.
Dormann further tested the use of this malformed signature in JavaScript files and was able to create proof-of-concept JavaScript files that would bypass the MoTW warning.
Using this technique, threat actors can bypass the normal security warnings shown when opening downloaded JS files and automatically execute the script.
According to Dormann, the bug stems from Windows 10's new 'Check apps and files' SmartScreen feature under Windows Security > App & Browser Control > Reputation-based protection settings.
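A defender-side triage sweep for the condition described above, added here as an example and not taken from the original article or from Dormann's research: it lists script files that carry Mark-of-the-Web and whose Authenticode signature is present but does not validate. The folder, the extension list and the function name Get-MotwZone are assumptions; Windows stores the mark in the NTFS alternate data stream Zone.Identifier, where ZoneId 3 is the Internet zone and 4 is Restricted sites.

```powershell
# Added example (not from the article): list downloaded script files that have
# Mark-of-the-Web AND a signature that fails validation, for manual review.
param(
    [string]$Path = "$env:USERPROFILE\Downloads",              # assumption: folder to sweep
    [string[]]$Extensions = @('.js', '.jse', '.vbs', '.wsf')   # assumption: script types of interest
)

function Get-MotwZone {
    # Hypothetical helper: returns the ZoneId from the Zone.Identifier stream,
    # or $null when the file has no Mark-of-the-Web.
    param([string]$File)
    $ads = Get-Content -LiteralPath $File -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $ads) { return $null }
    foreach ($line in $ads) {
        if ($line -match '^\s*ZoneId\s*=\s*(\d+)') { return [int]$Matches[1] }
    }
    return $null
}

Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $Extensions -contains $_.Extension.ToLower() } |
    ForEach-Object {
        $zone = Get-MotwZone -File $_.FullName
        # Keep only files marked as Internet (3) or Restricted sites (4).
        if ($null -eq $zone -or $zone -lt 3) { return }

        $sig    = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $status = $sig.Status.ToString()

        # Unsigned and validly signed files are not what we are hunting for here.
        # Any other status means a signature is present but did not verify.
        if ($status -in @('Valid', 'NotSigned')) { return }

        [pscustomobject]@{
            File            = $_.FullName
            ZoneId          = $zone
            SignatureStatus = $status
            StatusMessage   = $sig.StatusMessage
            LastWriteTime   = $_.LastWriteTime
        }
    } |
    Sort-Object LastWriteTime -Descending |
    Format-Table -AutoSize -Wrap
```

A hit is a lead for review, not proof of exploitation: it only shows that a downloaded script carries a signature that fails validation.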