Security News > 2022 > December > Microsoft patches Windows zero-day used to drop ransomware

Microsoft has fixed a security vulnerability used by threat actors to circumvent the Windows SmartScreen security feature and deliver payloads in Magniber ransomware attacks.
The attackers used malicious standalone JavaScript files to exploit the CVE-2022-44698 zero-day to bypass Mark-of-the-Web security warnings displayed by Windows to alert users that files originating from the Internet should be treated with caution.
"An attacker can craft a malicious file that would evade Mark of the Web defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging," Redmond explained on Tuesday.
Last month, the same Windows zero-day vulnerability was also abused in phishing attacks to drop the Qbot malware without displaying MOTW security warnings.
As security researcher ProxyLife found, threat actors behind this recent QBot phishing campaign switched to the Windows Mark of the Web zero-day by distributing JS files signed with the same malformed key used in the Magniber ransomware attacks.
During the December 2022 Patch Tuesday, Microsoft also fixed a publicly disclosed zero-day that would allow attackers to gain SYSTEM privileges on unpatched Windows 11 systems.
News URL
Related news
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’ (source)
- Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (source)
- Microsoft: North Korean hackers join Qilin ransomware gang (source)
- Microsoft lifts Windows 11 update block for some AutoCAD users (source)
- Microsoft replacing Remote Desktop app with Windows App in May (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-13 | CVE-2022-44698 | Unspecified vulnerability in Microsoft products Windows SmartScreen Security Feature Bypass Vulnerability | 5.4 |