← back
CVE-2022-41049

Windows Mark of the Web Security Feature Bypass Vulnerability

CVSS 5.4 MEDIUMEPSS 2.5%● KEV
In short

A security feature in Windows called Mark of the Web, which warns users about potentially dangerous downloaded files, can be bypassed. This allows attackers to distribute malicious files without triggering safety warnings.

Technical detail

This vulnerability allows attackers to bypass the Mark of the Web (MOTW) security feature by manipulating file attributes or using specific file handling techniques, enabling distribution of untrusted content without triggering Windows security warnings. Exploitation requires user interaction (file download and execution) but significantly reduces warning visibility.

Summary generated and translated by AI from the official description.
Windows Mark of the Web Security Feature Bypass Vulnerability
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C
Affected products
Microsoft · Windows 10 Version 1507Microsoft · Windows 10 Version 1607Microsoft · Windows 10 Version 1809Microsoft · Windows 10 Version 20H2Microsoft · Windows 10 Version 21H1Microsoft · Windows 10 Version 21H2Microsoft · Windows 10 Version 22H2Microsoft · Windows 11 version 21H2Microsoft · Windows 11 version 22H2Microsoft · Windows Server 2016Microsoft · Windows Server 2016 (Server Core installation)Microsoft · Windows Server 2019Microsoft · Windows Server 2019 (Server Core installation)Microsoft · Windows Server 2022

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41049https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41049