HomeTechnologyWindows trusted file label bypass gets unofficial patch

Technology

Windows trusted file label bypass gets unofficial patch

2 minute read

A loophole that allowed threat actors to bypass windows Mark of the Web (MotW) security mechanism features unofficial repair thanks to micropatching 0 patch (Opens in a new tab).

The Ministry of Commerce and Industry automatically marks all files and executables downloaded from unreliable online sources, including zip archives.

Various versions of the patch are now available for Windows 10 v1803 and later, Windows 7 with or without Extended Security Updates (ESU), Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012, and Windows Server 2012 R2, and Windows Server 2008 R2 with or without ESU.

Mishandling of ZIP files

MOTW, in flagging files and archives from untrusted sources, tells system administrators to be extra careful, and displays messages warning them that running an untrusted file could compromise the system.

However, according to Computer (Opens in a new tab)Last summer, Will Dorman, Senior Vulnerability Analyst at ANALYGENCE, discovered that zip archives did not properly add necessary MoTW tags, exposing many users to the risk of malware, ransomware, and a myriad of other issues.

inside Recent Twitter thread (Opens in a new tab)Dorman claims to have reported the issue to Microsoft in August 2022, and he also claims that the company opened and read the report, but it hasn’t yet done so. revision (Opens in a new tab) Element.

Until that happens, users can head to 0patch, register an account, and install the proxy themselves. After that, the patches will be applied automatically once the agent is started, and will not require a system restart.

Microsoft neglected to patch the vulnerability even though it has become a common vulnerability for attackers since Dormann was revealed last summer.

It is not clear now whether the 0patch action will motivate Microsoft to act officially to protect more systems by pushing an official patch, although the report of the bug being ignored for more than 90 days does not bode well.

Across: Computer (Opens in a new tab)

Unlock devices for AI infrastructure

At the OCP Summit 2022, we are announcing Grand Teton, the next generation

Rob Albritton promoted to Vice President of Center of Excellence for Artificial Intelligence at Octo

Rob Albritton Reston, Virginia – (work wire) – Senior Director of

The Latest

IT Industry Can’t Run Without VPN: Chairman PTA
A meeting of the Senate Standing Committee on IT and Telecom was held under the

November 18, 2024
2 minute read
The Council of Islamic Ideology declared the use of VPN illegal
Allama Raghib Naimi, Chairman of the Council of Islamic Ideology, said in this

November 15, 2024
1 minute read
World Bank Consultant Presents Chairman PITB With His Book ‘Technology in Policing’
Punjab Information Technology Board (PITB) Chairman Faisal Yousaf was presented

August 27, 2024
1 minute read
Pakistan IT Industry at Risk: Firewall Causing Mass Exodus of Companies
Pakistan’s burgeoning Information Technology (IT) sector is facing an

August 18, 2024
2 minute read

Weekly Must-ReadsView All

IT Industry Can’t Run Without VPN: Chairman PTA

The Council of Islamic Ideology declared the use of VPN illegal

World Bank Consultant Presents Chairman PITB With His Book ‘Technology in Policing’

Pakistan IT Industry at Risk: Firewall Causing Mass Exodus of Companies

Popular Topics

Trending NowView All

IT Industry Can’t Run Without VPN: Chairman PTA

The Council of Islamic Ideology declared the use of VPN illegal

World Bank Consultant Presents Chairman PITB With His Book ‘Technology in Policing’

Pakistan IT Industry at Risk: Firewall Causing Mass Exodus of Companies

Windows trusted file label bypass gets unofficial patch

Leave a Reply Cancel reply

Unlock devices for AI infrastructure

Rob Albritton promoted to Vice President of Center of Excellence for Artificial Intelligence at Octo

IT Industry Can’t Run Without VPN: Chairman PTA

The Council of Islamic Ideology declared the use of VPN illegal

World Bank Consultant Presents Chairman PITB With His Book ‘Technology in Policing’

Pakistan IT Industry at Risk: Firewall Causing Mass Exodus of Companies

4TH Financial Crime Summit Highlights Critical Challenges & Proposes Solutions

I tried a cordless vacuum cleaner with two batteries, but it didn’t speed up the cleaning process

US government apps are found using a Russian code

Big data affecting insurance underwriting

Weekly Must-ReadsView All

IT Industry Can’t Run Without VPN: Chairman PTA

The Council of Islamic Ideology declared the use of VPN illegal

World Bank Consultant Presents Chairman PITB With His Book ‘Technology in Policing’

Pakistan IT Industry at Risk: Firewall Causing Mass Exodus of Companies

IT Industry Can’t Run Without VPN: Chairman PTA

The Council of Islamic Ideology declared the use of VPN illegal

World Bank Consultant Presents Chairman PITB With His Book ‘Technology in Policing’

Pakistan IT Industry at Risk: Firewall Causing Mass Exodus of Companies

Windows trusted file label bypass gets unofficial patch

Leave a Reply Cancel reply

Unlock devices for AI infrastructure

Rob Albritton promoted to Vice President of Center of Excellence for Artificial Intelligence at Octo

IT Industry Can’t Run Without VPN: Chairman PTA

The Council of Islamic Ideology declared the use of VPN illegal

World Bank Consultant Presents Chairman PITB With His Book ‘Technology in Policing’

Pakistan IT Industry at Risk: Firewall Causing Mass Exodus of Companies

You May Also Like

4TH Financial Crime Summit Highlights Critical Challenges & Proposes Solutions

I tried a cordless vacuum cleaner with two batteries, but it didn’t speed up the cleaning process

US government apps are found using a Russian code

Big data affecting insurance underwriting