Microsoft has just released a patch for the ZIP MOTW vulnerability assigned as CVE-2022-41091.

I am happy to be able to finally drop my bug analysis write-up! 🔥🐜​

Enjoy and happy patching!
https://breakdev.org/zip-motw-bug-analysis/

Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049)

Windows ZIP extraction bug (CVE-2022-41049) lets attackers craft ZIP files that evade warnings on attempts to execute packaged files, even if the ZIP file was downloaded from the Internet.

BREAKDEV
@mrgretzky that is a cool write up, love the paths you took as well!

@xpn Thanks a lot! ❤️ Even though 80% of the whole post consists of taking the wrong approaches, I think it is best to always see the process, which is sometimes so hard to document.

I took a lot of inspiration from your old MacOS RE posts, as these had a similar vibe 😀​