As part of the November Patch Tuesday updates, Microsoft fixed numerous vulnerabilities that allowed threat actors to craft files that can bypass the Mark of the Web security feature.

Microsoft fixes Mark of the Web in ISOs

Included in the updates was an unexpected fix for a bug that threat actors commonly abuse in phishing campaigns.

According to Bill Demirkapi, an engineer in Microsoft MSRC's Vulnerability and Mitigations team, a bug was fixed that prevented the MoTW flag from propagating to files inside an ISO disk image.

For some time, threat actors have been distributing ISO disk images as attachments in phishing campaigns to infect targets with malware.

Since Windows 8, it has been possible to open an ISO file by double-clicking it, causing Windows to mount it as a DVD drive under a new drive letter.

While a downloaded or attached ISO file carries the Mark of the Web and triggers a warning when opened, the bug caused the MoTW flag not to be propagated to non-Microsoft Office file types inside the image, such as Windows shortcuts (LNK files).

Therefore, if a user opened an ISO attachment and double-clicked the enclosed LNK file, it ran immediately without Windows displaying a security warning, as demonstrated below.

Mark of the Web propagated to files inside an ISO
Source: BleepingComputer

Two other MoTW bugs fixed

In addition to fixing ISO MoTW propagation, the November updates also fixed two MoTW bugs discovered and reported by Will Dormann, a senior vulnerability analyst at ANALYGENCE, one of which was actively exploited in the wild by threat actors.

The first bug causes Windows SmartScreen to fail on Windows 11 22H2 and bypass Mark of the Web warnings when opening files directly from ZIP archives. The embedded demonstration thread for this bug reads:

"Let's take the corrupt-authenticode bug out of the picture. I can't tell how Windows decides how to scan/prompt downloads. In a VM with no network (so we clearly see the SS warning), we have calc.exe from XP in a zip:"

The second bug, dubbed 'ZippyReads,' can be exploited simply by creating a ZIP file containing a read-only file.

When such an archive is opened in Windows Explorer, the MoTW flag is not propagated to the read-only file, so the file bypasses the security warnings.

Both of these vulnerabilities were fixed as part of the November Windows security updates for CVE-2022-41049.
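As an added example (not code from the article, from Microsoft or from Will Dormann), the Python script below works with the two artifacts the bugs above revolve around. It parses the Zone.Identifier alternate data stream that Windows writes to downloaded files (the Mark of the Web is a ZoneId of 3, the Internet zone) and reports whether a file is marked, and it scans a ZIP archive's central directory for entries whose MS-DOS attribute byte has the read-only bit set, the condition the article gives for ZippyReads. The archive, its entry names and the Zone.Identifier text are constructed sample data; `read_zone_identifier()` is the only part that needs a real NTFS volume under Windows and returns None anywhere else.

```python
"""Added example: inspect the Mark of the Web (Zone.Identifier ADS) and find
read-only entries in a ZIP, the ZippyReads trigger. Sample data is constructed."""
import io
import zipfile
from typing import Optional

# FILE_ATTRIBUTE_READONLY lives in the MS-DOS attribute byte stored in the low
# 8 bits of a ZIP entry's external file attributes; Explorer honours that bit.
DOS_READONLY = 0x01
URLZONE_INTERNET = 3  # ZoneId that makes Windows treat a file as downloaded


def parse_zone_identifier(stream: str) -> Optional[int]:
    """Return the ZoneId from an INI-style Zone.Identifier stream, else None."""
    in_zone_transfer = False
    for raw in stream.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_zone_transfer = line.lower() == "[zonetransfer]"
            continue
        if in_zone_transfer and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "zoneid":
                try:
                    return int(value.strip())
                except ValueError:
                    return None
    return None


def has_mark_of_the_web(stream: Optional[str]) -> bool:
    """True when the stream marks the file as coming from the Internet zone."""
    return stream is not None and parse_zone_identifier(stream) == URLZONE_INTERNET


def read_zone_identifier(path: str) -> Optional[str]:
    """Read a file's Zone.Identifier ADS (NTFS on Windows only); None if absent."""
    try:
        with open(f"{path}:Zone.Identifier", "r", encoding="utf-8",
                  errors="replace") as f:
            return f.read()
    except OSError:
        return None


def find_readonly_entries(zip_bytes: bytes) -> list[str]:
    """Names of ZIP file entries carrying the MS-DOS read-only attribute."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Low byte of external_attr holds the MS-DOS attributes (R, H, S, A).
            if info.external_attr & DOS_READONLY:
                flagged.append(info.filename)
    return flagged


def build_sample_zip() -> bytes:
    """Constructed sample archive: one ordinary entry and one read-only entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "ordinary entry\n")
        ro = zipfile.ZipInfo("invoice.js")   # hypothetical entry name
        ro.external_attr = DOS_READONLY      # set only the MS-DOS read-only bit
        zf.writestr(ro, "WScript.Echo('sample');\n")
    return buf.getvalue()


# Constructed Zone.Identifier stream in the form Windows writes for a download.
SAMPLE_ZONE_IDENTIFIER = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://example.invalid/\r\n"
    "HostUrl=https://example.invalid/report.zip\r\n"
)

if __name__ == "__main__":
    print("MoTW present:", has_mark_of_the_web(SAMPLE_ZONE_IDENTIFIER))
    print("Read-only entries:", find_readonly_entries(build_sample_zip()))
```

On a Windows host the two checks combine naturally: `has_mark_of_the_web(read_zone_identifier(path))` tells you whether a downloaded archive itself is marked, and `find_readonly_entries()` run over its bytes tells you whether it contains entries that an unpatched Explorer would have extracted without the mark.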