Security News > 2023 > March > Microsoft squashes Windows bug exploited to inflict ransomware misery
Criminals are exploiting a Microsoft SmartScreen bug to deliver Magniber ransomware, potentially infecting hundreds of thousands of devices, without raising any security red flags, according to Google's Threat Analysis Group.
Redmond has patched the Windows-Office vulnerability, tracked as CVE-2023-24880, today in its monthly Patch Tuesday event.
It's related to a similar Windows SmartScreen security feature bypass vulnerability, CVE-2022-44698, which Microsoft patched in December - but not before miscreants found it and used it to sling the same malware.
Both vulnerabilities allow crooks to bypass this feature, which means their victims can download malicious files packed with ransomware that do not carry the MotW flag, which would trigger this added layer of security.
While miscreants used JScript files to deliver Magniber ransomware via the earlier bug, the new campaign uses Microsoft Software Installer files with a different type of malformed signature, according to TAG. The Google threat hunters have documented more than 100,000 downloads of the malicious MSI files since January 2023, and said over 80 percent of these were downloaded by European users, which is notable because Magniber usually targets victims in South Korea and Taiwan.
In the fall, security researchers discovered ransomware campaigns, first Magniber and then Qakbot, exploiting the Windows bug and bypassing Microsoft's MotW. They did this using a JScript file with a malformed signature that forced the SmartScreen request to return an error and trigger the default option - thus bypassing MotW and allowing the victim to open the file without triggering the security warning.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/03/14/windows_ransomware_zero_day_patched/
Related news
- Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel (source)
- Microsoft fixes Windows 10 bug causing apps to stop working (source)
- Microsoft wants $30 if you want to delay Windows 11 switch (source)
- Microsoft delays Windows Recall again, now by December (source)
- Microsoft Delays Windows Copilot+ Recall Release Over Privacy Concerns (source)
- Week in review: Windows Themes spoofing bug “returns”, employees phished via Microsoft Teams (source)
- Microsoft confirms Windows Server 2025 blue screen, install issues (source)
- Microsoft Notepad to get AI-powered rewriting tool on Windows 11 (source)
- Microsoft says recent Windows 11 updates break SSH connections (source)
- Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-14 | CVE-2023-24880 | Incorrect Authorization vulnerability in Microsoft products Windows SmartScreen Security Feature Bypass Vulnerability | 0.0 |
2022-12-13 | CVE-2022-44698 | Improper Handling of Exceptional Conditions vulnerability in Microsoft products Windows SmartScreen Security Feature Bypass Vulnerability | 0.0 |