Microsoft fixes exploited zero-day vulnerability in Windows

Microsoft has fixed a security vulnerability that permitted malicious hackers to circumvent Windows SmartScreen security and distribute Magniber ransomware and Qbot malware payloads.

This comes after Microsoft has been working to fix it since late October, when HP’s threat intelligence team issued the first warning after the vulnerability was exploited multiple times in the wild.

The infected standalone JavaScript files were used to exploit the CVE-2022-44698 zero-day vulnerability and circumvent Windows’ Mark-of-the-Web security warnings.

The CVE-2022-44698 vulnerability was exploitable via three attack vectors: First, In a web-based attack scenario, an attacker could host a malicious website that exploits the security feature bypass.

Second, To exploit the bypass in an email or instant message attack scenario, the attacker could send the targeted user a specially crafted.url file. Third, compromised websites or websites that accept or host user-provided content may contain specially crafted content designed to circumvent security features.

Qbot (AKA Quakbot) is an old and well-known banking trojan that continues to pose a significant threat to victims by tricking them into opening malicious files or visiting attacker-controlled websites.

The sources for this piece include an article in BleepingComputer.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web