Kuba GretzkyNov 8, 2022

Microsoft has just released a patch for ZIP MOTW vulnerability assigned as CVE-2022-41091.

I am happy to be able to finally drop my bug analysis write-up! 🔥🐜​

Enjoy and happy patching!
https://breakdev.org/zip-motw-bug-analysis/

Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049)

Windows ZIP extraction bug (CVE-2022-41049) lets attackers craft ZIP files, which evade warnings on attempts to execute packaged files, even if ZIP file was downloaded from the Internet.

BREAKDEV
Show threadan0nud4y 
@mrgretzky Your blog writeups are always awesome. Learning a lot from you.
Nov 11, 2022 at 6:56amWeb
Show threadKuba GretzkyNov 11, 2022
@an0nud4y Thanks man! Much appreciated 😀​🍻​