There is an unofficial patch from 0patch for a Zero-Day flaw in Microsoft Windows that allows bypassing the MotW (Mark-of-the-Web) protections that are built into the operating system and at moment it’s actively exploited.
By utilizing files signed with malformed signatures, this zero-day flaw is able to bypass MotW protections. Various legacy Windows versions as well as all versions that are supported by Microsoft are affected by the issue.
It has been determined by cybersecurity analysts that the Magniber ransomware was being installed on victims’ devices with the help of stand-alone JavaScript files by threat actors.
Microsoft adds a Mark-of-the-Web flag to a file that is downloaded from the Internet by a user when they click on it. Upon launching the file, the OS displays a security warning that indicates that the file has security issues.
Magniber JavaScript files are completely different from their counterparts. As for these files, no security warnings were shown, though the files contained a MoTW and were launched from Windows.
It was uncovered by a senior vulnerability analyst at ANALYGENCE, Will Dormann that one of the JavaScript files contained a malformed digital signature that was being used for signing them.
As a result, upon opening a file containing malformed signatures, the program will automatically be run by Microsoft Windows by default.
While apart from this, Windows SmartScreen not being able to parse the malformed signature in a file causes this bug to occur.
As a result, Windows will unnecessarily permit a program to run when SmartScreen cannot parse the signature instead of raising an error message.
0patch released this unofficial security patch to fix this flaw since it’s a critical zero-day vulnerability and is exploited by threat actors vigorously in the wild.
Why this patch has been tagged as “Unofficial”?
This patch is tagged as unofficial due to its release source, in short, this patch has not been released by Microsoft itself.
But, until the release of any official patch from Microsoft, users can use this security patch to keep their systems protected against threat actors exploiting this zero-day flaw.
Due to this zero-day vulnerability, multiple Windows versions are affected and here below we have mentioned all the affected versions of Windows that are eligible for the free micropatches:-
The installation process for this micropatch will require an account on the 0patch website, and it can be created for free. Once done, you’ll need to download its agent for your Windows device which will automatically install this patch.
A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing millions…
Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer through…
An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the initial…
A seemingly benign health app, "BMI CalculationVsn," was found on the Amazon App Store, which…
The Lazarus Group has recently employed a sophisticated attack, dubbed "Operation DreamJob," to target employees…
NodeStealer, initially a JavaScript-based malware, has evolved into a more sophisticated Python-based threat that targets…