Phishing Attacks Exploit Microsoft's Zero-Day Vulnerability, Sneak Past Windows Security Warnings

Recent phishing scams are targeting Microsoft Corporation’s (NASDAQ: MSFT) Windows zero-day vulnerability to install Qbot malware without displaying the customary security alerts.

What Happened: On Saturday, a report shared by Bleeping Computer stated that new phishing attacks were using a Windows zero-day vulnerability to drop the Qbot malware "without displaying Mark of the Web security warnings."

The malware infiltrates victims’ systems via manipulated email attachments and allows malicious codes to enter. 

See Also: How To Buy Microsoft (MSFT) Stock

Usually, when files are downloaded from an untrusted remote location, Windows displays a label on the file called the Mark of the Web. If users continue to open the said file with the MotW label, Windows gives a security warning asking if they are sure about accessing the file. 

However, cybercriminals are now leveraging the Windows Mark of the zero-day Web vulnerability by distributing JS files signed with malformed signatures. 

Why It’s Important: Microsoft has known about the zero-day vulnerability since October. Now that malware campaigns are targeting this weakness, it is likely the bug will be fixed as part of the December 2022 patch security updates, the report stated.  

In October, Microsoft released a free unofficial patch to address an actively exploited zero-day flaw in the Windows MotW security mechanism. The bug allowed cybercriminals to prevent MotW labels on files extracted from ZIP archives, another Bleeping Computer report noted. 

Read Next: After Bill Gates Dumps Billions In Berkshire To Buy Microsoft, His Quiet Biotech Portfolio Has Made A New Trade