A vulnerability that allowed threat actors to bypass the Windows Mark of the Web (MotW) security mechanism has an unofficial fix thanks to micropatching service 0patch (opens in new tab).
MoTW automatically flags all files and executables that were downloaded from untrusted sources via the internet, including zipped archives.
Various versions of the patch are now available for Windows 10 v1803 and later, Windows 7 with or without Extended Security Updates (ESU), Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2008 R2 with or without ESU.
Mishandling ZIP archives
MOTW, in flagging files and archives from untrusted sources, tells system admins to be extra careful, displaying messages warning them that running an untrusted file could result in system compromization.
However, according to BleepingComputer (opens in new tab), Will Dormann, a senior vulnerability analyst at ANALYGENCE, discovered last summer that .zip archives weren’t properly adding the necessary MoTW tags, placing many users at risk of malware, ransomware, and a myriad of other issues.
In a recent Twitter thread (opens in new tab), Dormann claims to have reported the issue to Microsoft in August 2022, an He also alleges that the company have opened and read the report, but is yet to patch (opens in new tab) it.
Until that happens, users can head over to 0patch, register an account, and install the agent themselves. After that, the patches will be applied automatically as soon as the agent is started, and won't require a system restart.
Microsoft has neglected to patch the vulnerability despite having becoming a popular bug exploit for attackers since Dormann's disclosure last Summer.
It's not clear right now whether 0patch's action will spur Microsoft into acting officially to protect more systems by pushing an official patch, although the bug report going ignored for over 90 days doesn't bode well.
Via: BleepingComputer (opens in new tab)
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba