Unofficial fix emerges for Windows bug abused to infect home PCs with ransomware
2022-11-01 03:48

A cybersecurity firm has issued another unofficial patch to squash a bug in Windows that Microsoft has yet to fix, with this hole being actively exploited to spread ransomware.

Specifically, an attacker could prevent Windows from putting the Mark-of-the-Web (MotW) flag on files extracted from a ZIP archive obtained from an untrusted source.

Just days before the first patch was released, HP Wolf Security shared a report about a spate of ransomware infections in September that each started with a web download. Victims were told to fetch a ZIP archive that contained a JavaScript file masquerading as an antivirus or Windows software update.

That is to say: there's a bug in Windows that has been exploited so that the MotW flag is not applied to internet-sourced files, and now there's exploitation of a related vulnerability in which MotW is set but it has no effect.

"Remember that on Windows 10 and Windows 11, opening any potentially harmful file triggers a SmartScreen inspection of said file, whereby SmartScreen determines if the file is clear to get launched or the user should be warned about it," Kolsek said.

Acros's latest micropatch, released October 28, works for Windows 11 version 21H2, eight versions of Windows 10 including 21H1 and 21H2, and Windows Server versions 2019 and 2022, we're told.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/11/01/microsoft_motw_malware_flaw/