Bypass for Windows trusted file label gets unofficial patch

As users wait for Microsoft to patch the flaw, other devs step in


A vulnerability that allowed threat actors to bypass the Windows Mark of the Web (MotW) security mechanism has an unofficial fix thanks to micropatching service 0patch.

MotW automatically flags all files and executables that were downloaded from untrusted sources via the internet, including zipped archives.

Various versions of the patch are now available for Windows 10 v1803 and later, Windows 7 with or without Extended Security Updates (ESU), Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2008 R2 with or without ESU.

Mishandling ZIP archives

MotW, in flagging files and archives from untrusted sources, tells system admins to be extra careful, displaying messages warning them that running an untrusted file could result in system compromise.

However, according to BleepingComputer, Will Dormann, a senior vulnerability analyst at ANALYGENCE, discovered last summer that .zip archives weren’t properly adding the necessary MotW tags, placing many users at risk of malware, ransomware, and a myriad of other issues.

In a recent Twitter thread, Dormann claims to have reported the issue to Microsoft in August 2022. He also alleges that the company has opened and read the report, but is yet to patch it.

Until that happens, users can head over to 0patch, register an account, and install the agent themselves. After that, the patches will be applied automatically as soon as the agent is started, and won’t require a system restart.
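For admins who want to see whether extracted files on their own systems actually carry the tag, the following added example (not from the article, 0patch or Microsoft) compares a downloaded archive's MotW with the files extracted from it. It relies on the fact that MotW is stored in the NTFS alternate data stream `Zone.Identifier`; the function names and the paths at the bottom are hypothetical.

```powershell
# Added example: audit an extraction folder for files that lack Mark of the Web.
# Assumptions (not from the article): NTFS volume, hypothetical paths at the bottom.

function Get-MotwZone {
    param([Parameter(Mandatory)][string]$Path)
    # MotW lives in the NTFS alternate data stream "Zone.Identifier".
    $stream = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $stream) { return $null }          # no stream: file is untagged
    $line = $stream | Where-Object { $_ -match '^ZoneId=\d+' } | Select-Object -First 1
    if ($line -match '^ZoneId=(\d+)') { return [int]$Matches[1] }
    return $null                                # stream present but no ZoneId line
}

function Test-ArchiveMotwPropagation {
    param(
        [Parameter(Mandatory)][string]$ArchivePath,
        [Parameter(Mandatory)][string]$ExtractedDir
    )
    $archiveZone = Get-MotwZone -Path $ArchivePath
    if ($null -eq $archiveZone) {
        Write-Warning "Archive has no Zone.Identifier stream; nothing to propagate."
        return
    }
    # Every file extracted from a tagged archive should carry a tag as well.
    Get-ChildItem -LiteralPath $ExtractedDir -File -Recurse | ForEach-Object {
        $zone = Get-MotwZone -Path $_.FullName
        [pscustomobject]@{
            File        = $_.FullName
            ArchiveZone = $archiveZone
            FileZone    = $zone
            MotwMissing = ($null -eq $zone)
        }
    }
}

# Hypothetical paths: a downloaded archive and the folder it was extracted to.
Test-ArchiveMotwPropagation -ArchivePath "$env:USERPROFILE\Downloads\sample.zip" `
    -ExtractedDir "$env:USERPROFILE\Downloads\sample" |
    Where-Object MotwMissing |
    Format-Table File, ArchiveZone, FileZone -AutoSize
```

Any row in the output is a file that came out of a tagged archive without a tag of its own, so Windows will not show the untrusted-file warning for it.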

Microsoft has neglected to patch the vulnerability despite it having become a popular bug for attackers to exploit since Dormann’s disclosure last summer.

It’s not clear right now whether 0patch’s action will spur Microsoft into acting officially to protect more systems by pushing an official patch, although the bug report going ignored for over 90 days doesn’t bode well.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
