
Windows Mark of the Web Zero-Days Remain Patchless, Under Exploit

Posted on October 25, 2022
by l33tdawg
Credit: Dark Reading

Two separate vulnerabilities exist in different versions of Windows that allow attackers to sneak malicious attachments and files past Microsoft's Mark of the Web (MotW) security feature.

Attackers are actively exploiting both issues, according to Will Dormann, a former software vulnerability analyst with CERT Coordination Center (CERT/CC) at Carnegie Mellon University, who discovered the two bugs. But so far, Microsoft has not issued any fixes for them, and no known workarounds are available for organizations to protect themselves, says the researcher, who has been credited with discovering numerous zero-day vulnerabilities over his career.

MotW is a Windows feature designed to protect users against files from untrusted sources. The mark itself is a hidden tag that Windows attaches to files downloaded from the Internet. Files that carry the MotW tag are restricted in what they do and how they function. For example, starting with MS Office 10, MotW-tagged files open by default in Protected View, and executables are first vetted for security issues by Windows Defender before they are allowed to run.
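As an added illustration that is not part of the original article: on NTFS the mark is stored in an alternate data stream named `Zone.Identifier`, whose `ZoneId` value records the zone the file came from. The Python below parses that stream and reports which files in a folder carry no mark at all, which is the condition a defender would want to audit for. The function names and the sample stream content are constructed for this example.

```python
import configparser
import os

# Constructed sample of Zone.Identifier stream content for a browser download.
SAMPLE = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.com/invoice.zip\r\n"

def parse_zone_identifier(text):
    """Return the integer ZoneId from stream content, or None if missing or malformed."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(text.lstrip("\ufeff"))  # tolerate a leading BOM
        return cp.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None

def classify(zone_id):
    """Map a ZoneId to a triage label: 3 = Internet, 4 = Restricted Sites."""
    if zone_id is None:
        return "unmarked"
    return "untrusted" if zone_id >= 3 else "trusted-zone"

def read_motw(path):
    """Read the mark from a file on NTFS; None when the stream does not exist."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return parse_zone_identifier(fh.read())
    except OSError:
        return None

def audit(directory):
    """Return (file name, label) pairs for every regular file in a directory."""
    results = []
    for entry in os.scandir(directory):
        if entry.is_file():
            results.append((entry.name, classify(read_motw(entry.path))))
    return sorted(results)

if __name__ == "__main__":
    # Assumption: the default per-user Downloads folder is the directory to review.
    target = os.path.join(os.path.expanduser("~"), "Downloads")
    if os.path.isdir(target):
        for name, label in audit(target):
            print(f"{label:12} {name}")
```

Files labelled `unmarked` in a download or mail-attachment folder are the ones that will not get Protected View or the pre-execution check described above, so they merit a closer look.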
