Windows 10 and Windows 11 users should be extra vigilant as hackers have discovered a new way to bypass Windows security, and Microsoft currently has no patch.
Discovered by Will Dormann, senior vulnerability analyst at Analygence, the vulnerability allows malicious files to bypass Windows security warnings. Moreover, these files can arrive undetected from any source: a web browser, an e-mail attachment or a network share.
The vulnerability affects all modern Microsoft operating systems: Windows 10, Windows 11, and Windows Server 2019 and 2022. Windows 7 and Windows 8 are not affected.
At press time, Microsoft has not commented on the zero-day, and there is no timeline for an official fix. The good news is that third-party security specialist 0patch has released an interim patch, which is available for download.
“[The zero-day] stems from a logical error in the way Windows evaluates the security of an unknown document,” Mitja Kolsek, co-founder of 0patch, warned in an email exchange with me. “None of these vulnerabilities can trick the user into opening the document, but the security warning…is the only thing that can change the user’s mind before their computer is compromised.”
0patch has also provided a video guide to installing the patch.
Kolsek notes that this is the second vulnerability in recent weeks that allows attackers to bypass Windows security warnings when tricking users into opening malicious files. Both were zero-day hacks.
I have contacted Microsoft about this flaw and will update this message when/if I receive a response.