Advisory 72: Microsoft Windows Mark of the Web Security Feature Bypass Vulnerability
Release Date: 14th of September 2024
Impact: HIGH / CRITICAL
TLP Rating: Clear
CERT Vanuatu (CERTVU) and the Office of the Chief Information Officer (OGCIO) provide the following advisory.
What is it?
The Windows Mark of the Web (MotW) Security Feature Bypass Vulnerability is a security flaw in how Windows handles files downloaded from the internet. When a file is downloaded, Windows tags it with a "Mark of the Web" (MotW), indicating that it came from an untrusted source. This tag triggers additional security measures, such as opening the file in Protected View in Microsoft Office or blocking the execution of potentially dangerous code. A bypass of this feature means a specially crafted downloaded file can arrive without the tag, so those protections are not applied when the file is opened.
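The following PowerShell script is an added example and is not part of the CERTVU advisory. It shows where the Mark of the Web actually lives (an NTFS alternate data stream named Zone.Identifier) and audits a folder for files that lack it or carry a zone below "Internet", which is the condition a bypass like the one described above produces. It assumes Windows PowerShell 5.1 or later, an NTFS volume, and uses the current user's Downloads folder as the sample path.

```powershell
# Added example, not the advisory's own code: audit a folder for the Mark of the Web.
# On NTFS the mark is an alternate data stream named "Zone.Identifier" holding
# INI-style text, for example:
#   [ZoneTransfer]
#   ZoneId=3
#   HostUrl=https://example.invalid/file.exe
# Assumes Windows PowerShell 5.1+ and an NTFS volume (FAT/exFAT cannot store the stream).

# URL security zone identifiers as used in the ZoneId field
$ZoneNames = @{
    0 = 'Local Machine'
    1 = 'Local Intranet'
    2 = 'Trusted Sites'
    3 = 'Internet'
    4 = 'Restricted Sites'
}

function Get-MotWStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $Path,        # folder to audit, e.g. "$env:USERPROFILE\Downloads"
        [switch] $Recurse
    )

    Get-ChildItem -LiteralPath $Path -File -Recurse:$Recurse | ForEach-Object {
        $file    = $_
        $zoneId  = $null
        $hostUrl = $null

        # Get-Item -Stream returns nothing when the stream is absent, i.e. no MotW
        $stream = Get-Item -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        if ($stream) {
            foreach ($line in (Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier)) {
                if     ($line -match '^ZoneId=(\d+)\s*$') { $zoneId  = [int] $Matches[1] }
                elseif ($line -match '^HostUrl=(.+)$')    { $hostUrl = $Matches[1].Trim() }
            }
        }

        $zoneName = if ($null -ne $zoneId -and $ZoneNames.ContainsKey($zoneId)) { $ZoneNames[$zoneId] } else { $null }

        [pscustomobject]@{
            File     = $file.FullName
            HasMotW  = [bool] $stream
            ZoneId   = $zoneId
            ZoneName = $zoneName
            HostUrl  = $hostUrl
        }
    }
}

# Usage: list downloaded files that carry no mark, or a zone below "Internet" (3),
# since Protected View and SmartScreen only engage for zones 3 and 4.
Get-MotWStatus -Path "$env:USERPROFILE\Downloads" |
    Where-Object { -not $_.HasMotW -or ($null -ne $_.ZoneId -and $_.ZoneId -lt 3) } |
    Format-Table File, HasMotW, ZoneId, ZoneName -AutoSize
```

A file in this list is not necessarily malicious (files copied from a USB stick or extracted by some archivers also lack the stream), but on a patched system a file that the browser just downloaded should always show ZoneId=3 here; one that does not is worth checking before it is opened.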
What are the Systems affected?
- Microsoft Windows 10 Version 1809 – 32-bit System and x64-based System
- Microsoft Windows Server 2019 – x64-based System
- Microsoft Windows Server 2019 (Server Core Installation) – x64-based System
- Microsoft Windows Server 2022 – x64-based System
- Microsoft Windows 11 Version 21H2 – x64-based System, ARM64-based System
- Microsoft Windows 10 Version 21H2 – 32-bit System and x64-based System
- Microsoft Windows 11 Version 22H2 – x64-based System, ARM64-based System
- Microsoft Windows 10 Version 22H2 – x64-based System, ARM64-based System
- Microsoft Windows 11 Version 22H3 – x64-based System, ARM64-based System
- Microsoft Windows 11 Version 23H2 – x64-based System, ARM64-based System
- Microsoft Windows Server 2022, 23H2 Edition (Server Core Installation) – x64-based System
- Microsoft Windows 11 Version 24H2 – x64-based System, ARM64-based System
- Microsoft Windows 10 Version 1507 – x64-based System, ARM64-based System
- Microsoft Windows 10 Version 1607 – x64-based System, ARM64-based System
- Microsoft Windows Server 2016 – x64-based System
- Microsoft Windows Server 2016 (Server Core Installation) – x64-based System
- Microsoft Windows Server 2012 – x64-based System
- Microsoft Windows Server 2012 (Server Core Installation) – x64-based System
- Microsoft Windows Server 2012 R2 – x64-based System
- Microsoft Windows Server 2012 R2 (Server Core Installation) – x64-based System
What does this mean?
If this vulnerability is not addressed, a cyber threat actor could exploit it to take control of an affected system.
Mitigation process
CERTVU encourages users and administrators to review the references below and apply the necessary security updates.
References
- https://www.cisa.gov/news-events/alerts/2024/09/10/cisa-adds-four-known-exploited-vulnerabilities-catalog
- https://www.cve.org/CVERecord?id=CVE-2024-38217
- Download advisory (English): Microsoft Windows Mark of the Web Security Feature Bypass Vulnerability
- Download advisory (Bislama): Wiknes long saed blong Go Raon long Sekuriti Aspek blong Microsoft Windows Mark of the Web
- Download advisory (French): Vulnérabilité de contournement de la fonction de sécurité Mark of the Web de Microsoft Windows