0patch, a platform for unofficial security patches, has released patches to address a zero-day vulnerability in the Mark of the Web (Motw) mechanism of the Windows operating system that was discovered over two years ago. This vulnerability enables the bypassing of important security markers that Windows applies to files from untrusted sources.
Motw automatically marks uploaded files to alert users of potential threats, aiding applications like Microsoft Office and web browsers in assessing risks when opening such files. However, the vulnerability allows certain file types to evade this protective mechanism.
Co-founder of 0patch, Mitya Kolkhki, identified the issue on Windows Server and 2012 R2 systems, noting that the bug persists even on systems with the latest updates and the Extended Security Updates program, potentially allowing attacks to go undetected.
Acros Security, the parent company of 0patch, is withholding details of the vulnerability temporarily to prevent potential attacks until official patches from Microsoft are released. In the meantime, users can install free micropatches for Windows Server 2012 and 2012 R2, which were last updated in October 2023.
Installation of the patches requires users to register an account on 0patch and activate the agent, after which updates are applied automatically without the need for system reboot. This is particularly crucial for outdated versions of Windows that no longer receive official security updates.
Mitya Kolkhki emphasized that such vulnerabilities are regularly discovered and exploited by attackers. 0patch’s solutions aim to safeguard systems that may no longer receive updates from Microsoft for various reasons, enhancing overall security measures.