Actively exploited Windows MoTW zero-day gets unofficial patch

A free unofficial patch has been released for an actively exploited zero-day that allows files signed with malformed signatures to bypass Mark-of-the-Web security warnings in Windows 10 and Windows 11.

Last weekend, BleepingComputer reported that threat actors were using stand-alone JavaScript files to install the Magniber ransomware on victims’ devices.

When a user downloads a file from the Internet, Microsoft adds a Mark-of-the-Web flag to the file, causing the operating system to display security warnings when the file is launched, as shown below.

Source: Bleeping Computer
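For defenders triaging downloaded scripts, the flag described above can be read directly. This is an added example, not code from the article: it assumes the file sits on NTFS, where Windows stores the Mark-of-the-Web in an alternate data stream named `Zone.Identifier`; the function names and the sample stream content are constructed for illustration.

```python
import configparser
from typing import Optional

# URL security zones as Windows numbers them.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

# Constructed sample of what a Zone.Identifier stream typically contains.
SAMPLE_STREAM = """[ZoneTransfer]
ZoneId=3
ReferrerUrl=https://downloads.example.test/
HostUrl=https://downloads.example.test/update.js
"""

def parse_zone_id(stream_text: str) -> Optional[int]:
    """Return ZoneId from Zone.Identifier content, or None if absent or malformed."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(stream_text.lstrip("\ufeff"))  # tolerate a BOM
        return int(parser.get("ZoneTransfer", "ZoneId").strip())
    except (configparser.Error, ValueError):
        return None

def has_motw(zone_id: Optional[int]) -> bool:
    """Internet (3) and Restricted (4) zones are the ones that mark a file as untrusted."""
    return zone_id is not None and zone_id >= 3

def read_stream(path: str) -> Optional[str]:
    """Read the alternate data stream; None if the file has no stream or is not on NTFS."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None

def describe(path: str) -> str:
    """One-line triage summary for a file path."""
    text = read_stream(path)
    zone = parse_zone_id(text) if text is not None else None
    if zone is None:
        return f"{path}: no Mark-of-the-Web found"
    return f"{path}: zone {zone} ({ZONES.get(zone, 'unknown')}), MoTW={has_motw(zone)}"

if __name__ == "__main__":
    zone = parse_zone_id(SAMPLE_STREAM)
    print("sample stream -> zone", zone, "MoTW present:", has_motw(zone))
```

The result only says whether the flag is present; as the article reports, a file with a malformed signature can carry the flag and still launch without the warning on unpatched systems.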