Security News > 2022 > November > Microsoft fixes Windows zero-day bug exploited to push malware

Windows has fixed a bug that prevented Mark of the Web flags from propagating to files within downloaded ISO files, dealing a massive blow to malware distributors and developers.
According to Bill Demirkapi, an engineer in Microsoft MSRC's Vulnerability and Mitigations team, a bug was fixed that prevented the MoTW flag from propagating to files inside an ISO disk image.
Since Windows 8, it is possible to open an ISO file by double-clicking on it, causing Windows to mount it as a DVD drive under a new drive letter.
While a downloaded or attached ISO file will contain the Mark of the Web and issue a warning when opened, the bug caused the MoTW flag not to be propagated to non-Microsoft Office file types, such as Windows Shortcuts.
The first bug causes Windows SmartScreen to fail on Windows 11 22H2 and bypass Mark of the Web warnings when opening files directly from ZIP archives.
Exploited Windows zero-day lets JavaScript files bypass security warnings.
News URL
Related news
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) (source)
- Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (source)
- Microsoft admits GitHub hosted malware that infected almost a million devices (source)
- Microsoft lifts Windows 11 update block for some AutoCAD users (source)
- Microsoft replacing Remote Desktop app with Windows App in May (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days (source)