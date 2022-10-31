A free unofficial patch is available for a Mark-of-the-web (MoTW) security vulnerability impacting Windows 10 and 11, Bleeping Computer reports.

The actively exploited zero-day flaw lets files signed with malformed signatures bypass MoTW security warnings on the operating systems.

Senior vulnerability analyst at Analygence, Will Dorman, discovered that the Magniber JavaScript files used to exploit the vulnerability were digitally signed using a malformed signature.

When downloading a file from the Internet in Windows 10 and 11, Microsoft adds MoTW flags so that users are presented with security warnings when the file is launched.

However, Bleeping Computer found that while these Magniber JavaScript files contained MoTW flags, Windows failed to display security warnings when launching them.

Instead of presenting a security warning to users, Windows automatically allowed the programs to run due to the malformed signatures.

Opatch co-founder Mitja Kolsek explained that Windows SmartScreen couldn’t parse the malformed signatures, which allowed the programs to run without displaying a warning or an error message.

“The malformed signature discovered by Patrick and Will caused SmartScreen.exe to throw an exception when the signature could not be parsed, resulting in SmartScreen returning an error,” Kolsek said.

“Which we now know means ‘Run’.”

Kolsek warned that Opatch’s fix adds protection for most scenarios but specified that there could be some situations that bypass the patch.

“While our patch fixes the most obvious flaw, its utility depends on the application opening the file using function DoSafeOpenPromptForShellExe in shdocvw.dll and not some other mechanism,” Kolsek said.

“We’re not aware of another such mechanism in Windows, but it could technically exist.”

Opatch developed free patches for the following affected Windows versions:

Windows 11 v21H2

Windows 10 v21H2

Windows 10 v21H1

Windows 10 v20H2

Windows 10 v2004

Windows 10 v1909

Windows 10 v1903

Windows 10 v1809

Windows 10 v1803

Windows Server 2022

Windows Server 2019

