Skip to main content

Market Overview

Phishing Attacks Exploit Microsoft's Zero-Day Vulnerability, Sneak Past Windows Security Warnings

Share:
Phishing Attacks Exploit Microsoft's Zero-Day Vulnerability, Sneak Past Windows Security Warnings

Recent phishing scams are targeting Microsoft Corporation’s (NASDAQ: MSFT) Windows zero-day vulnerability to install Qbot malware without displaying the customary security alerts.

What Happened: On Saturday, a report shared by Bleeping Computer stated that new phishing attacks were using a Windows zero-day vulnerability to drop the Qbot malware "without displaying Mark of the Web security warnings."

The malware infiltrates victims’ systems via manipulated email attachments and allows malicious codes to enter. 

See Also: How To Buy Microsoft (MSFT) Stock

Usually, when files are downloaded from an untrusted remote location, Windows displays a label on the file called the Mark of the Web. If users continue to open the said file with the MotW label, Windows gives a security warning asking if they are sure about accessing the file. 

However, cybercriminals are now leveraging the Windows Mark of the zero-day Web vulnerability by distributing JS files signed with malformed signatures. 

Why It’s Important: Microsoft has known about the zero-day vulnerability since October. Now that malware campaigns are targeting this weakness, it is likely the bug will be fixed as part of the December 2022 patch security updates, the report stated.  

In October, Microsoft released a free unofficial patch to address an actively exploited zero-day flaw in the Windows MotW security mechanism. The bug allowed cybercriminals to prevent MotW labels on files extracted from ZIP archives, another Bleeping Computer report noted. 

Read Next: After Bill Gates Dumps Billions In Berkshire To Buy Microsoft, His Quiet Biotech Portfolio Has Made A New Trade

 

Related Articles (MSFT)

View Comments and Join the Discussion!

Posted-In: Consumer Tech malware phishing WindowsNews Tech

Don't Miss Any Updates!
News Directly in Your Inbox
Subscribe to:
Benzinga Premarket Activity
Get pre-market outlook, mid-day update and after-market roundup emails in your inbox.
Market in 5 Minutes
Everything you need to know about the market - quick & easy.
Fintech Focus
A daily collection of all things fintech, interesting developments and market updates.
SPAC
Everything you need to know about the latest SPAC news.
Thank You

Thank you for subscribing! If you have any questions feel free to call us at 1-877-440-ZING or email us at vipaccounts@benzinga.com