Security News > 2022 > October > Exploited Windows zero-day lets JavaScript files bypass security warnings
A new Windows zero-day allows threat actors to use malicious stand-alone JavaScript files to bypass Mark-of-the-Web security warnings.
Windows includes a security feature called Mark-of-the-Web that flags a file as having been downloaded from the Internet and should be treated with caution as it could be malicious.
"While files from the Internet can be useful, this file type can potentially harm your computer. If you do not trust the source, do not open this software," reads the warning from Windows.
Dormann further tested the use of this malformed signature in JavaScript files and was able to create proof-of-concept JavaScript files that would bypass the MoTW warning.
Using this technique, threat actors can bypass the normal security warnings shown when opening downloaded JS files and automatically execute the script.
According to Dormann, the bug stems from Windows 10's new 'Check apps and files' SmartScreen feature under Windows Security > App & Browser Control > Reputation-based protection settings.
News URL
Related news
- Microsoft confirms memory leak in March Windows Server security update (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Microsoft squashes SmartScreen security bypass bug exploited in the wild (source)
- Telegram fixes Windows app zero-day caused by file extension typo (source)
- Telegram fixes Windows app zero-day used to launch Python scripts (source)
- Rarest, strangest, form of Windows saved techie from moment of security madness (source)
- Prompt Hacking, Private GPTs, Zero-Day Exploits and Deepfakes: Report Reveals the Impact of AI on Cyber Security Landscape (source)
- Microsoft fixes Windows zero-day exploited in QakBot malware attacks (source)