{"id":474329,"date":"2022-12-15T10:48:57","date_gmt":"2022-12-15T08:48:57","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=474329"},"modified":"2022-12-15T11:02:39","modified_gmt":"2022-12-15T09:02:39","slug":"microsoft-patches-actively-exploited-windows-zero-day-vulnerability","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/474329-microsoft-patches-actively-exploited-windows-zero-day-vulnerability.html","title":{"rendered":"Microsoft patches actively exploited Windows zero-day vulnerability"},"content":{"rendered":"<p>Microsoft has patched a <strong><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2022-44698\" target=\"_blank\" rel=\"noopener\">zero-day vulnerability<\/a><\/strong> that let malicious actors bypass Windows SmartScreen to deliver Qbot malware and Magniber ransomware payloads.<\/p>\n<p>Threat actors exploited the flaw by using JavaScript files to get around the Mark of the Web (MOTW) security warnings displayed by the operating system.<\/p>\n<p>&#8220;An attacker can craft a malicious file that would evade MOTW defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging,&#8221; Microsoft said.<\/p>\n<p>The vulnerability \u2014 tracked as CVE-2022-44698 \u2014 was exploitable through three attack vectors:<\/p>\n<ul>\n<li>In a web-based attack scenario, an attacker could host a malicious website that exploits the security feature bypass.<\/li>\n<li>In an email or instant message attack scenario, the attacker could send the targeted user a specially crafted .url file designed to exploit the bypass.<\/li>\n<li>Compromised websites or websites that accept or host user-provided content could contain specially crafted content to exploit the security feature bypass.<\/li>\n<\/ul>\n<p>For any of the above scenarios to work, the attacker would need to dupe the targets into opening 
malicious files or navigating to attacker-controlled websites.<\/p>\n<p>According to <strong><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-patches-windows-zero-day-used-to-drop-ransomware\/\" target=\"_blank\" rel=\"noopener\">Bleeping Computer<\/a><\/strong>, attackers exploited the vulnerability multiple times in the wild.<\/p>\n<p>In October 2022, phishing attacks were found to be distributing <strong><a href=\"https:\/\/mybroadband.co.za\/news\/security\/466767-actively-exploited-windows-mark-of-the-web-flaw-gets-unofficial-patch.html\">the Magniber ransomware<\/a><\/strong>, causing SmartCheck errors and allowing the malicious files to execute without alerting the target.<\/p>\n<p>In November, attackers exploited the same flaw to deliver the Qbot malware without displaying MOTW warnings.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Attackers exploited the flaw to bypass Windows SmartScreen and Mark of the Web security 
warnings.<\/p>\n","protected":false},"author":341076,"featured_media":452194,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[83347,82371,123,83345,83349,807],"class_list":["post-474329","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-magniber-ransomware","tag-mark-of-the-web","tag-microsoft","tag-qbot-malware","tag-smartcheck","tag-windows"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/474329"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341076"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=474329"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/474329\/revisions"}],"predecessor-version":[{"id":474383,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/474329\/revisions\/474383"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/452194"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=474329"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=474329"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=474329"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}