In October 2022 I came across a tweet from 5th July by a researcher who reported a new method for bypassing MotW, using a flaw in how Windows handles file extraction from ZIP files. So if it were a ZIP instead of ISO, would MotW be fine? Even though Windows tries to apply MotW to extracted ZIP contents, it's really quite bad at it. Without trying too hard, here I've got a ZIP file where the contents retain NO protection from Mark of the Web.

It had already been reported to Microsoft, without a fix deployed for more than 90 days. This sounded to me like a nice challenge to freshen up my rusty RE skills. What I always find most interesting about vulnerability research write-ups is the process of how the bug was found, what tools were used and what approach was taken. Now that the vulnerability has been fixed, I can freely publish the details.
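Before digging into any bypass it helps to have a repeatable way to see whether MotW actually survives extraction. The script below is an added example and not code from the original post or from the reporter: it stamps a constructed ZIP with an Internet-zone `Zone.Identifier` stream (as a browser download would have), extracts it once with `Expand-Archive` and once through the Explorer shell (`Shell.Application.CopyHere`, the code path that Windows' own ZIP handling goes through), and reports which extracted copies still carry the stream. The working directory under `$env:TEMP` and the file names are assumptions; the sample content is constructed.

```powershell
# Added example (not the original post's code): check whether files extracted from a
# ZIP keep the Mark of the Web, i.e. the Zone.Identifier alternate data stream.
# Assumptions: Windows 10/11 on NTFS, Windows PowerShell 5.1 or later; all paths are
# hypothetical and live under $env:TEMP.
$work = Join-Path $env:TEMP ("motw-check-" + [guid]::NewGuid().ToString('N'))
$src  = Join-Path $work 'src'
New-Item -ItemType Directory -Path $src | Out-Null

# 1. Constructed sample file, then zip it.
$doc = Join-Path $src 'readme.txt'
Set-Content -Path $doc -Value 'constructed sample file'
$zip = Join-Path $work 'sample.zip'
Compress-Archive -Path $doc -DestinationPath $zip

# 2. Stamp the archive itself with MotW (ZoneId=3 = Internet), as a download would be.
Set-Content -Path $zip -Stream 'Zone.Identifier' -Value "[ZoneTransfer]`r`nZoneId=3"

function Test-Motw {
    param([string]$Path)
    # $true when the file carries a Zone.Identifier stream, $false otherwise.
    return [bool](Get-Item -Path $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue)
}

# 3a. Extraction via Expand-Archive (System.IO.Compression under the hood).
$outA = Join-Path $work 'expand-archive'
Expand-Archive -Path $zip -DestinationPath $outA

# 3b. Extraction via the Explorer shell, the path Windows uses for its ZIP folder UI.
$outB = Join-Path $work 'shell-copyhere'
New-Item -ItemType Directory -Path $outB | Out-Null
$shell = New-Object -ComObject Shell.Application
$items = $shell.NameSpace($zip).Items()
# 0x14 = 0x4 (no progress UI) + 0x10 (overwrite without prompting)
$shell.NameSpace($outB).CopyHere($items, 0x14)
Start-Sleep -Seconds 2   # CopyHere returns before the copy has finished

# 4. Report which extracted copy still carries the Zone.Identifier stream.
foreach ($pair in @(@('Expand-Archive', $outA), @('Shell CopyHere', $outB))) {
    $f = Join-Path $pair[1] 'readme.txt'
    '{0,-16} MotW on extracted file: {1}' -f $pair[0], (Test-Motw $f)
}
```

Run it from an elevated or normal PowerShell session on an NTFS volume; on FAT/exFAT volumes there are no alternate data streams, so `Test-Motw` returns `$false` regardless of how the file was extracted, which is itself a useful caveat when reproducing MotW findings.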