Our researchers discovered a previously unknown vulnerability on Windows Server 2012 and Server 2012 R2 that allows an attacker to bypass a security check otherwise enforced by Mark of the Web on certain types of files.
Our analysis revealed this vulnerability was introduced to Windows Server 2012 over two years ago, and remained undetected - or at least unfixed - until today. It is even present on fully updated servers with Extended Security Updates.
We reported this issue to Microsoft, and, as usual, issued micropatches for it that will remain free until Microsoft has provided an official fix.
We are withholding details on this vulnerability until Microsoft's fix becomes available to prevent malicious exploitation.
Micropatch Availability
Since this is a "0day" vulnerability with no official vendor fix available, we are providing our micropatches for free until such a fix becomes available.
Micropatches were written for both of the following groups:
Legacy Windows versions:
- Windows Server 2012 updated to October 2023
- Windows Server 2012 R2 updated to October 2023
Windows versions still receiving Windows Updates:
- Windows Server 2012 fully updated with Extended Security Updates
- Windows Server 2012 R2 fully updated with Extended Security Updates
Micropatches have already been distributed to, and applied on, all affected online computers with 0patch Agent in PRO or Enterprise accounts (unless Enterprise group settings prevented that).
Vulnerabilities like these get discovered on a regular basis, and attackers know about them all. If you're using Windows versions that aren't receiving official security updates anymore, 0patch will make sure these vulnerabilities won't be exploited on your computers - and you won't even have to know or care about these things.
If you're new to 0patch, create a free account in 0patch Central, start a free trial, then install and register 0patch Agent. Everything else will happen automatically. No computer reboot will be needed.
Did you know 0patch will security-adopt Windows 10 when it goes out of support in October 2025, allowing you to keep using it for at least 5 more years? Read more about it here.
To learn more about 0patch, please visit our Help Center.
Article Link: 0patch Blog: Windows Server 2012 Mark of the Web Vulnerability (0day) - and Free Micropatches for it