Windows Mark of the Web Zero-Days Remain Patchless, Under Exploit

26-Oct-22

According to the former CERT CC researcher who discovered the flaws, a pair of Microsoft bugs allow cyberattackers to circumvent native Windows Internet download security. Two separate vulnerabilities exist in different versions of Windows that allow attackers to bypass Microsoft’s Mark of the Web (MoTW) security feature. According to Will Dormann, a former software vulnerability analyst with Carnegie Mellon University’s CERT Coordination Center (CERT/CC) who discovered the two bugs, attackers are actively exploiting both issues. However, no fixes have been issued by Microsoft, and no known workarounds are available for organisations to protect themselves, according to the researcher, who has been credited with discovering numerous zero-day vulnerabilities throughout his career.