Windows 10 and Windows 11 users need to be extra vigilant because hackers have discovered a new way to bypass Windows security, and Microsoft currently has no fix.
Discovered by Will Dormann, a senior vulnerability analyst at Analygence, the vulnerability allows malicious files to bypass Windows warnings. Moreover, these files can pass undetected through any source: web browser, email attachment or network share.
ADVERTISEMENT
The vulnerability impacts all modern Microsoft operating systems: Windows 10, Windows 11, and Windows Server 2019 and 2022. Windows 7 and Windows 8 are not affected.
At the time of publication, Microsoft has not commented on the zero-day, and there is no timeframe for an official patch. The good news is third-party security specialist 0patch has come up with a temporary fix, which you can download here.
“[The zero-day] stems from a logical error in the way Windows make a security assessment of an unknown document,” warned 0patch co-founder Mitja Kolsek, in an email exchange with me. “Neither of these vulnerabilities can make the user open the document, but the security warning… is the only thing that can make the user change their mind before their computer gets compromised.”
0patch has provided an install guide for the fix, which you can watch here:
ADVERTISEMENT
Kolsek notes that this is the second vulnerability in recent weeks, which allows attackers to bypass Windows security warnings when tricking users into opening malicious files. Both were zero-day hacks.
I have contacted Microsoft about this flaw and will update this post when/if I receive a reply.
More On Forbes
ADVERTISEMENT