Unofficial Patch Released for New Actively Exploited Windows MotW Vulnerability (Security News, October 2022)
An unofficial patch has been made available for an actively exploited security flaw in Microsoft Windows that makes it possible for files signed with malformed signatures to sneak past Mark-of-the-Web protections.
The fix, released by 0patch, arrives weeks after HP Wolf Security disclosed a Magniber ransomware campaign that targets users with fake security updates which employ a JavaScript file to proliferate the file-encrypting malware.
While files downloaded from the internet in Windows are tagged with a MotW flag to prevent unauthorized actions, it has since been found that corrupt Authenticode signatures can be used to allow the execution of arbitrary executables without any SmartScreen warning.
Fixes for the flaw also come less than two weeks after unofficial patches were shipped for another zero-day MotW bypass flaw that came to light in July and has since come under active attack, per security researcher Kevin Beaumont.
The vulnerability, discovered by Dormann, relates to how Windows fails to set the MotW identifier on files extracted from specifically crafted.
"Attackers therefore understandably prefer their malicious files not being marked with MOTW; this vulnerability allows them to create a ZIP archive such that extracted malicious files will not be marked," Kolsek said.
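As a defender's check on the behaviour described above, the following added PowerShell script (not from the article, 0patch or HP Wolf Security) audits a folder for files that carry no Zone.Identifier stream, the NTFS alternate data stream that holds the Mark-of-the-Web. Files that came out of an Internet-sourced archive but show HasMotW = False are exactly the ones SmartScreen will not challenge; the folder path is an assumed example.

```powershell
# Added example: report which files in a folder carry a Mark-of-the-Web.
# Assumes Windows PowerShell 5.1 or PowerShell 7 on an NTFS volume.
function Get-MotwStatus {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [switch] $Recurse
    )
    Get-ChildItem -LiteralPath $Path -File -Recurse:$Recurse | ForEach-Object {
        $file     = $_
        $zone     = $null
        $referrer = $null
        try {
            # The MotW lives in the Zone.Identifier alternate data stream.
            $lines = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction Stop
            foreach ($line in $lines) {
                if ($line -match '^ZoneId=(\d+)')   { $zone     = [int]$Matches[1] }
                if ($line -match '^ReferrerUrl=(.+)') { $referrer = $Matches[1] }
            }
        } catch {
            # No Zone.Identifier stream: Windows treats the file as local,
            # so no SmartScreen prompt will be shown when it is run.
        }
        [pscustomobject]@{
            File        = $file.FullName
            HasMotW     = ($null -ne $zone)
            ZoneId      = $zone        # 3 = Internet zone, 4 = Restricted sites
            ReferrerUrl = $referrer
        }
    }
}

# Usage (assumed path): list extracted files that lack a MotW despite
# the archive itself having been downloaded from the Internet.
Get-MotwStatus -Path "$env:USERPROFILE\Downloads\extracted" -Recurse |
    Where-Object { -not $_.HasMotW } |
    Format-Table File, HasMotW, ZoneId -AutoSize
```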
News URL
https://thehackernews.com/2022/10/unofficial-patch-released-for-new.html