Unofficial Fix to Actively Exploited Windows MotW Flaw

0patch, a security-patch solutions firm, released an unofficial patch (program fix) for an actively exploited Mark-of-the-Web (MotW) Windows vulnerability. The zero-day flaw impacted Windows 10 and 11 users, allowing files signed with malformed signatures to bypass Windows MotW security warnings.

The Mark-of-the-Web security warning feature on Windows protects users against untrusted file sources. The mark itself is a tag Windows pins to files you download from the Internet. Files with the MotW tag are restricted in what they can do, and Windows usually won’t let them run without first warning you.

What Was the Vulnerability? Who Found It? Who Fixed It?

A Microsoft code-signing tool called Authenticode confirms the publisher’s identity and checks to see whether the software has been tampered with after being signed and published.

When you download a file or program from the web, Microsoft usually displays a dialogue box showing the publisher’s name. If the publisher is unknown or the software has been modified since publishing, Microsoft adds a MotW file, giving you a security warning about the program. 

Microsoft told BleepingComputer that it was aware of the vulnerability and was investigating it.

The security issue was discovered by Will Dormann, Analygence’s senior vulnerability analyst. In relation to the issue, he tweeted: “If the file has this malformed Authenticode signature, the SmartScreen and/or file-open warning dialog will be skipped regardless of script’s contents, as if there is no MotW on the file.”

The patch arrived weeks after HP Wolf Security sounded the alarm about Magniber JavaScript ransomware targeting users with file-encrypting malware. What’s unique about the Magniber JavaScript is that, despite the file having the Mark-of-the-Web flag, Microsoft SmartScreen failed to flag it and warn users against downloading or running the program.
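
A triage check for the behaviour described above, as an added example that is not code from the article or from any vendor it names: it lists downloaded script and executable files with their MotW zone (read from the NTFS `Zone.Identifier` stream) and their Authenticode status. The default folder, the extension list and the rule that a malformed signature reports a status other than `Valid` or `NotSigned` are assumptions.

```powershell
# Added example: triage downloaded files by MotW zone and Authenticode status.
# Assumptions: default folder and extension list below; adjust for your environment.
param(
    [string]$Path = (Join-Path $env:USERPROFILE 'Downloads'),
    [string[]]$Extensions = @('.js', '.jse', '.vbs', '.wsf', '.ps1', '.exe', '.dll', '.msi')
)

function Get-MotwZoneId {
    param([Parameter(Mandatory)][string]$LiteralPath)
    # MotW lives in the NTFS alternate data stream "Zone.Identifier" as "ZoneId=<n>".
    $ads = Get-Content -LiteralPath $LiteralPath -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    foreach ($line in $ads) {
        if ($line -match '^\s*ZoneId\s*=\s*(\d+)') { return [int]$Matches[1] }
    }
    return $null   # no stream or no ZoneId line: the file carries no MotW
}

$files = Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in $Extensions }

$report = foreach ($file in $files) {
    $zone    = Get-MotwZoneId -LiteralPath $file.FullName
    $sig     = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $hasMotw = ($null -ne $zone) -and ($zone -ge 3)   # 3 = Internet, 4 = Restricted sites
    # Assumption: a signature that is present but malformed reports a status
    # other than Valid or NotSigned (for example HashMismatch or UnknownError).
    $sigSuspect = $sig.Status -notin 'Valid', 'NotSigned', 'NotSupportedFileFormat'
    [pscustomobject]@{
        Review          = $hasMotw -and $sigSuspect
        ZoneId          = $zone
        SignatureStatus = $sig.Status
        StatusMessage   = $sig.StatusMessage
        File            = $file.FullName
    }
}

# Files needing a second look come first; an empty ZoneId means no MotW at all.
$report | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Rows with `Review` set to `True` are downloaded files whose signature is present but did not verify; rows with an empty `ZoneId` are files that carry no mark, which is worth checking for anything extracted from a downloaded archive.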

Versions of Windows Affected by Magniber

The malformed digital signature used by Magniber allowed the malware to bypass Microsoft security, and Windows would allow the program to run by default.

According to Mitja Kolsek, co-founder of 0patch, attackers “prefer their malicious files not being marked with MotW; this vulnerability allows them to create a ZIP archive such that extracted malicious files will not be marked.”

He also warned that while the patch “fixes the most obvious flaw,” there could technically be some situations that bypass the fix. 

While Microsoft has yet to release an official fix for the bug, 0patch has released a free patch for Windows users. Affected versions of Windows include:

• Windows 11 v21H2
• Windows 10 v21H2, Windows 10 v21H1, Windows 10 v20H2, Windows 10 v2004
• Windows 10 v1909, Windows 10 v1903, Windows 10 v1809, Windows 10 v1803
• Windows Server 2022
• Windows Server 2019

How to Get the Free Patch?

To get the free fix released by 0patch to secure your Windows device, you’ll need to create a free account with the company. Then, you’ll have to install its agent. Once you’ve done that, the patches will be applied automatically. You won’t even need to reboot your computer.

Amid intensifying dependence on digital devices, cybersecurity is a growing concern for people around the world. To protect yourself from threats, always ensure devices are up to date, install an anti-malware system, and use a military-grade VPN to protect your identity. 
