Windows SmartScreen Bypass Vulnerability Reported in December
What is Windows SmartScreen?
Windows SmartScreen is a security feature in Windows 10, 8.1 and 8 that helps protect your computer from potentially dangerous apps, files, and websites. When you run an unfamiliar app or open a file from an unknown location, SmartScreen checks the item against a list of reported malicious software and websites. If the item is on the list, SmartScreen displays a warning to let you know that the app or file has been blocked for your protection. SmartScreen also sends information about the app, file, or website to Microsoft so that we can improve the SmartScreen filter and help protect you and other users in the future.
CVE-2022–44698
On December 13, 2022, Microsoft disclosed — attackers were able to craft malicious files that would evade Mark of the Web (MOTW) defenses. This enabled an attacker to bypass Windows SmartScreen protections on the device in question.
Microsoft’s announcement lists three scenarios this could be potentially exploited by an attacker:
- In a web-based attack scenario, an attacker could host a malicious website that is designed to exploit the security feature bypass.
- In an email or instant message attack scenario, the attacker could send…
