ACROS Security’s 0patch micropatch service has published free, unofficial patches to address a zero-day vulnerability that appeared more than two years ago in the Windows Mark of the Web (MotW) security mechanism, BleepingComputer reported.
According to Mitja Kolsek, co-founder of 0patch, this vulnerability could allow attackers to prevent Windows from applying tags (MotW) to some types of files downloaded from the Internet, which are added to all documents and executable files downloaded from untrusted sources, warning about potential danger.
Image source: Microsoft
0patch researchers have discovered a previously unknown vulnerability in Microsoft Windows Server 2012 and Server 2012 R2 that allows an attacker to bypass security checks. The analysis showed that this vulnerability appeared in Windows Server 2012 more than two years ago and remained undetected – or at least unpatched – until today. Its presence can be detected even on fully updated servers with extensive security updates.
ACROS Security will not disclose detailed information about this vulnerability until Microsoft releases official security patches for it. Unofficial patches are available free of charge both for outdated versions of Windows whose support period has already expired, and for completely updated ones, including:
- Windows Server 2012 with updates until October 2023
- Windows Server 2012 R2 with updates until October 2023
- Windows Server 2012 (all extended security updates).
- Windows Server 2012 R2 (all extended security updates).
To install these micropatches on Windows Server 2012 systems whose support ended more than a year ago, you must register with the 0patch service and install an agent program. If there are no policies to prevent patching, patches will be deployed automatically after the agent starts (without the need for a system restart).