A loophole that allowed threat actors to bypass windows Mark of the Web (MotW) security mechanism features unofficial repair thanks to micropatching 0 patch (Opens in a new tab).
The Ministry of Commerce and Industry automatically marks all files and executables downloaded from unreliable online sources, including zip archives.
Various versions of the patch are now available for Windows 10 v1803 and later, Windows 7 with or without Extended Security Updates (ESU), Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012, and Windows Server 2012 R2, and Windows Server 2008 R2 with or without ESU.
Mishandling of ZIP files
MOTW, in flagging files and archives from untrusted sources, tells system administrators to be extra careful, and displays messages warning them that running an untrusted file could compromise the system.
However, according to Computer (Opens in a new tab)Last summer, Will Dorman, Senior Vulnerability Analyst at ANALYGENCE, discovered that zip archives did not properly add necessary MoTW tags, exposing many users to the risk of malware, ransomware, and a myriad of other issues.
inside Recent Twitter thread (Opens in a new tab)Dorman claims to have reported the issue to Microsoft in August 2022, and he also claims that the company opened and read the report, but it hasn’t yet done so. revision (Opens in a new tab) Element.
Until that happens, users can head to 0patch, register an account, and install the proxy themselves. After that, the patches will be applied automatically once the agent is started, and will not require a system restart.
Microsoft neglected to patch the vulnerability even though it has become a common vulnerability for attackers since Dormann was revealed last summer.
It is not clear now whether the 0patch action will motivate Microsoft to act officially to protect more systems by pushing an official patch, although the report of the bug being ignored for more than 90 days does not bode well.
Across: Computer (Opens in a new tab)