A pair of Microsoft bugs allow cyberattackers to bypass native Windows Internet download security, says former CERT CC researcher who discovered the flaws.
October 25, 2022 By Jai Vijayan
Two separate vulnerabilities exist in different versions of Windows that allow attackers to sneak malicious attachments and files past Microsoft's Mark of the Web (MOTW) security feature.
Attackers are actively exploiting both issues, according to Will Dormann, a former software vulnerability analyst with CERT Coordination Center (CERT/CC) at Carnegie Mellon University, who discovered the two bugs. But so far, Microsoft has not issued any fixes for them, and no known workarounds are available for organizations to protect themselves, says the researcher, who has been credited with discovering numerous zero-day vulnerabilities over his career.
