October 3, 2023

0patch released an unofficial patch for an actively exploited security vulnerability in Microsoft Windows that allows bypassing Mark-of-the-Web (MotW) protections by using files signed with malformed signatures.

The issue affects all supported and multiple legacy Windows versions. A recent Magniber campaign targeting Windows home users with fake security updates.

Researcher explained that malicious files extracted from the attacker’s ZIP files were executed without security warnings even if they missed the Mark of the Web.

Advertisements

To protect from unauthorized actions, files downloaded from the internet in Windows are tagged with a MotW flag. The corrupt Authenticode signatures allow the execution of arbitrary executables without any SmartScreen warning.

Windows fails to properly parse the signature and for this reason, trusts them and lets malicious executables execute without a warning.

The malformed signature discovered will caused SmartScreen.exe to throw an exception when the signature could not be parsed, resulting in SmartScreen returning an error.

Tags:

Leave a Reply

You may have missed

Industrial Control Systems and Vulnerability Management Process

October 2, 2023

McLaren Healthcare suffers a Ransomware Incident

October 2, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – September, 2023

October 2, 2023

TheCyberThrone Security Week In Review – September 30, 2023

October 1, 2023

Mozilla fixes CVE-2023-5217 Vulnerability in its Products

September 30, 2023

CISA KEV Update Part III – September 2023

September 30, 2023
%d bloggers like this: