Security researchers have discovered a critical 0-day vulnerability in Windows Server 2012 and Server 2012 R2. This previously unknown security flaw allows attackers to bypass the Mark of the Web (MoTW) verification on certain files. The MoTW is a security feature used by Windows to identify files downloaded from the internet, and bypassing it means that malicious files can be executed without triggering security warnings.
The vulnerability, which was introduced over two years ago, has managed to evade detection despite the high level of scrutiny applied to Windows Server systems. Even servers that have been fully updated with Extended Security Updates are vulnerable. This discovery underscores the persistent challenges in maintaining security in older software systems.
The researchers, withholding detailed information to prevent potential exploitation, have notified Microsoft about the critical 0-day vulnerability in Windows Server 2012 and Server 2012 R2. As a temporary measure, they have issued micropatches through 0Patch to protect affected systems until an official fix is released by Microsoft.
The micro patches cover the following configurations:
- Legacy Windows Versions:
- Windows Server 2012 updated to October 2023
- Windows Server 2012 R2 updated to October 2023
- Windows Versions Still Receiving Windows Updates:
- Windows Server 2012 with Extended Security Updates
- Windows Server 2012 R2 with Extended Security Updates
The discovery of flaw poses a significant threat to affected systems as it can allow the execution of malicious code without the user’s knowledge, potentially leading to data breaches, unauthorized access, and other security incidents. It’s crucial for organizations using these server versions to apply any available patches promptly and consider upgrading to more recent, fully supported versions to mitigate the risk.
Useful post.