An unofficial patch has been made available for an actively exploited security flaw in Microsoft Windows
While files downloaded from the internet in Windows are tagged with a MotW flag to prevent unauthorized actions, it has since been found that corrupt Authenticode signatures can be used to allow the execution of arbitrary executables without any SmartScreen warning.
Authenticode is a Microsoft code-signing technology that authenticates the identity of the publisher of a particular piece of software and verifies whether the software was tampered with after it was signed and published.
Now according to 0patch co-founder Mitja Kolsek, the zero-day bug is the result of SmartScreen returning an exception when parsing the malformed signature, which is incorrectly interpreted as a decision to run the program rather than trigger a warning.
“Attackers therefore understandably prefer their malicious files not being marked with MOTW; this vulnerability allows them to create a ZIP archive such that extracted malicious files will not be marked,” Kolsek said.