Security News > 2023 > March > Microsoft squashes Windows bug exploited to inflict ransomware misery

Microsoft squashes Windows bug exploited to inflict ransomware misery
2023-03-14 19:01

Criminals are exploiting a Microsoft SmartScreen bug to deliver Magniber ransomware, potentially infecting hundreds of thousands of devices, without raising any security red flags, according to Google's Threat Analysis Group.

Redmond has patched the Windows-Office vulnerability, tracked as CVE-2023-24880, today in its monthly Patch Tuesday event.

It's related to a similar Windows SmartScreen security feature bypass vulnerability, CVE-2022-44698, which Microsoft patched in December - but not before miscreants found it and used it to sling the same malware.

Both vulnerabilities allow crooks to bypass this feature, which means their victims can download malicious files packed with ransomware that do not carry the MotW flag, which would trigger this added layer of security.

While miscreants used JScript files to deliver Magniber ransomware via the earlier bug, the new campaign uses Microsoft Software Installer files with a different type of malformed signature, according to TAG. The Google threat hunters have documented more than 100,000 downloads of the malicious MSI files since January 2023, and said over 80 percent of these were downloaded by European users, which is notable because Magniber usually targets victims in South Korea and Taiwan.

In the fall, security researchers discovered ransomware campaigns, first Magniber and then Qakbot, exploiting the Windows bug and bypassing Microsoft's MotW. They did this using a JScript file with a malformed signature that forced the SmartScreen request to return an error and trigger the default option - thus bypassing MotW and allowing the victim to open the file without triggering the security warning.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/03/14/windows_ransomware_zero_day_patched/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-03-14 CVE-2023-24880 Incorrect Authorization vulnerability in Microsoft products
Windows SmartScreen Security Feature Bypass Vulnerability
0.0
2022-12-13 CVE-2022-44698 Improper Handling of Exceptional Conditions vulnerability in Microsoft products
Windows SmartScreen Security Feature Bypass Vulnerability
0.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2820 161 4400