Unofficial patch issued for exploited Windows Mark of the Web bug

Micropatching service 0patch has developed free unofficial fixes aimed at addressing a zero-day vulnerability within the Windows Mark of the Web security mechanism, which has since been exploited by threat actors, BleepingComputer reports. Such a flaw, which has not yet been patched by Microsoft despite being reported to the company in July, could be leveraged to prevent the application of MotW labels on files that have been extracted from internet-downloaded ZIP archives. "An attacker could deliver Word or Excel files in a downloaded ZIP that would not have their macros blocked due to the absence of the MotW (depending on Office macro security settings), or would escape the inspection by Smart App Control," said 0patch co-founder and ACROS Security CEO Mitja Kolsek. Micropatches could be applied to Windows 10 v1803 and later, Windows 7 with or without ESU, Windows Server 2008 R2 with or without ESU, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, and Windows Server 2022.