Windows 10 And 11 Security Feature Alerts Bypassed By Attackers

Two zero-day vulnerabilities have been confirmed for Windows 10 and 11 users as the latest Patch Tuesday security update from Microsoft starts rolling out.

CVE-2022-44698 is one of two Zero-Day Windows vulnerabilities that have been fixed in the latest Microsoft Patch Tuesday security update. This vulnerability, which Microsoft confirms it has already detected being exploited, impacts most versions of Windows and sits within the SmartScreen security feature. Mike Walters, vice president of Vulnerability and Threat Research at Action1, warns that this “affects all Windows OS versions starting from Windows 7 and Windows Server 2008 R2. The vulnerability has low complexity. It uses the network vector and requires no privilege escalation.”

Yet another Mark of the Web security issue for Windows users

Specifically, an attacker is able to create a file that can get around the Mark of the Web defense that is essential to features such as the protected view in Microsoft Office, for example. Windows SmartScreen checks for a Mark of the Web zone identifier to determine if the file being executed originates from the internet and, if so, performs a further reputational check. “An attacker with malicious content that would normally provoke a security alert could bypass that notification and thus infect even well-informed users without warning,” Paul Ducklin, writing for the Sophos Naked Security blog, said.
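The check described above depends on an NTFS alternate data stream named Zone.Identifier that Windows writes to files saved from the internet. The following PowerShell script is an added example, not code from the Forbes article, from Microsoft or from any of the researchers quoted here: it audits a folder and reports which files carry that stream, what zone they were tagged with and, where recorded, the URL they came from. The default folder (the user's Downloads directory) and the Get-MotwInfo function name are this example's own assumptions.

```powershell
# Added example (not from the article): audit the Mark of the Web on files in a folder.
# Windows stores the MotW as an NTFS alternate data stream named "Zone.Identifier" whose
# content is a small INI-style block, for instance:
#   [ZoneTransfer]
#   ZoneId=3
#   ReferrerUrl=https://example.test/
#   HostUrl=https://example.test/download.zip
# ZoneId 3 (Internet) or 4 (Restricted sites) is what makes SmartScreen run its
# reputation check and makes Office open the file in Protected View.
# The default path below is an assumption; point it at any directory you want to review.

param(
    [string]$Path = (Join-Path $env:USERPROFILE 'Downloads')
)

# Human-readable names for the URLZONE values that browsers and the shell write.
$zoneNames = @{
    0 = 'Local machine'
    1 = 'Local intranet'
    2 = 'Trusted sites'
    3 = 'Internet'
    4 = 'Restricted sites'
}

function Get-MotwInfo {
    param([Parameter(Mandatory)][string]$FilePath)

    # Get-Item -Stream * lists every data stream on the file. The main content is the
    # ':$DATA' stream; any other name is an alternate data stream such as Zone.Identifier.
    $streams = Get-Item -LiteralPath $FilePath -Stream * -ErrorAction SilentlyContinue
    $hasMotw = $null -ne ($streams | Where-Object Stream -eq 'Zone.Identifier')

    $zoneId = $null; $referrerUrl = $null; $hostUrl = $null
    if ($hasMotw) {
        # Read the alternate stream as text and parse its key=value lines.
        $lines = Get-Content -LiteralPath $FilePath -Stream Zone.Identifier -ErrorAction SilentlyContinue
        foreach ($line in $lines) {
            if ($line -match '^(?<k>[^=]+)=(?<v>.*)$') {
                switch ($Matches.k.Trim()) {
                    'ZoneId'      { $zoneId      = [int]$Matches.v }
                    'ReferrerUrl' { $referrerUrl = $Matches.v }
                    'HostUrl'     { $hostUrl     = $Matches.v }
                }
            }
        }
    }

    [pscustomobject]@{
        File        = $FilePath
        HasMotw     = $hasMotw
        ZoneId      = $zoneId
        Zone        = if ($null -ne $zoneId) { $zoneNames[$zoneId] } else { $null }
        ReferrerUrl = $referrerUrl
        HostUrl     = $hostUrl
        # A file in a download folder with no MotW gets neither the SmartScreen
        # reputation check nor Protected View, so list it first for a closer look.
        NeedsReview = -not $hasMotw
    }
}

Get-ChildItem -LiteralPath $Path -File -Recurse |
    ForEach-Object { Get-MotwInfo -FilePath $_.FullName } |
    Sort-Object NeedsReview -Descending |
    Format-Table File, HasMotw, Zone, HostUrl -AutoSize
```

Run it as `.\Get-Motw.ps1` or with `-Path 'C:\some\folder'`. Two caveats when reading the output: the stream only exists on NTFS volumes, so files copied to FAT or exFAT media lose it, and archive extractors or download tools that do not propagate the tag will produce files that show `HasMotw = False` even though they came from the internet. Both cases look the same as the bypass the article describes, which is exactly why the script lists untagged files first rather than treating their absence as proof of tampering.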


Will Dormann, who is credited with disclosing the vulnerability in the Microsoft security update guide, has been warning of numerous Mark of the Web vulnerabilities for the past six months. Only last month, Microsoft patched CVE-2022-41091, which was a Mark of the Web vulnerability, also being actively exploited by attackers.

Microsoft confirms three potential attack scenarios, but does not say which of them the exploits it has seen in the wild are using. Those three scenarios are as follows:

  • A web-based attack using a malicious website
  • An email, or instant message, attack which…