Microsoft fixes exploited zero-day vulnerability in Windows

Share post:

Microsoft has fixed a security vulnerability that permitted malicious hackers to circumvent Windows SmartScreen security and distribute Magniber ransomware and Qbot malware payloads.

This comes after Microsoft has been working to fix it since late October, when HP’s threat intelligence team issued the first warning after the vulnerability was exploited multiple times in the wild.

The infected standalone JavaScript files were used to exploit the CVE-2022-44698 zero-day vulnerability and circumvent Windows’ Mark-of-the-Web security warnings.

The CVE-2022-44698 vulnerability was exploitable via three attack vectors: First, In a web-based attack scenario, an attacker could host a malicious website that exploits the security feature bypass.

Second, To exploit the bypass in an email or instant message attack scenario, the attacker could send the targeted user a specially crafted.url file. Third, compromised websites or websites that accept or host user-provided content may contain specially crafted content designed to circumvent security features.

Qbot (AKA Quakbot) is an old and well-known banking trojan that continues to pose a significant threat to victims by tricking them into opening malicious files or visiting attacker-controlled websites.

The sources for this piece include an article in BleedingComputer.

Featured Tech Jobs



Related articles

Kaspersky uncovers malware targeting iPhones running iOS 15.7 and below

Kaspersky has uncovered a sophisticated malware campaign specifically designed to infect iPhones running up to iOS 15.7 through...

WordPress fixes critical Jetpack plugin vulnerability

WordPress has addressed a critical flaw discovered in the Jetpack plugin, which had the potential to enable authors...

Akamai discovers Dark Frost botnet exploiting gaming platforms

Akamai's security intelligence response team recently has alerted the general public of Dark Frost, a botnet that has...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways