Bypass for Windows trusted file label gets unofficial patch


A vulnerability that allowed threat actors to bypass the Windows Mark of the Web (MotW) security mechanism has an unofficial fix thanks to micropatching service 0patch.

MotW automatically flags all files and executables downloaded from untrusted sources via the internet, including zipped archives.

Various versions of the patch are now available for Windows 10 v1803 and later, Windows 7 with or without Extended Security Updates (ESU), Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2008 R2 with or without ESU.

Mishandling ZIP archives

By flagging files and archives from untrusted sources, MotW tells system admins to be extra careful, displaying messages warning them that running an untrusted file could result in system compromise.

However, according to BleepingComputer, Will Dormann, a senior vulnerability analyst at ANALYGENCE, discovered last summer that .zip archives weren’t properly adding the necessary MotW tags, placing many users at risk of malware, ransomware, and a myriad of other issues.

In a recent Twitter thread, Dormann claims to have reported the issue to Microsoft in August 2022. He also alleges that the company has opened and read the report, but has yet to patch it.

Until that happens, users can head over to 0patch, register an account, and install the agent themselves. After that, the patches will be applied automatically as soon as the agent is started, and won't require a system restart.

Microsoft has neglected to patch the vulnerability despite it having become a popular bug for attackers to exploit since Dormann's disclosure last summer.

It's not clear right now whether 0patch's action will spur Microsoft into acting officially to protect more systems by pushing an official patch, although the bug report going ignored for over 90 days doesn't bode well.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
