A cybersecurity company has released a free unofficial patch to fix an actively exploited Windows bug that allows files signed with erroneous signatures to avoid Mark-of-the-Web security warnings in Windows 10 and 11.
It turns out that it is possible to bypass this feature and not attach the MotW flag to files downloaded from the Internet, thus bypassing all protection mechanisms when opening them. For example, an attacker could prevent Windows from placing the MotW flag on files extracted from an untrusted ZIP archive. Scammers could exploit this vulnerability to cause users to open ZIP archives and execute malicious software without triggering the expected security precautions.
Since this zero-day vulnerability is actively used for ransomware attacks, the micro-patching service 0patch has decided to release an unofficial fix that can be used until Microsoft releases an official security update.
A Microsoft spokesman said of the latest vulnerability: “We are aware of the technique and are investigating to determine the appropriate steps to address the issue.”
The sources for this piece include an article in TheRegister.