Copy2pwn circumvents Windows Mark Of The Web security feature


Uncovering the Copy2Pwn Vulnerability: Bypassing Windows Protections

Security experts have recently uncovered a critical vulnerability, CVE-2024-38213, that poses a significant threat to Windows users. This vulnerability, known as “copy2pwn,” allows threat actors to bypass Windows’ Mark-of-the-Web (MotW) protections through simple copy-and-paste operations.

The exploit targets Web-based Distributed Authoring and Versioning (WebDAV) shares, which can be accessed through web browsers or mounted as Windows Explorer paths. By leveraging this vulnerability, threat actors can host malicious payloads on WebDAV shares and evade built-in Microsoft protections like Windows Defender SmartScreen.

The Mark-of-the-Web is a crucial security feature in Windows that applies an NTFS Alternate Data Stream (ADS) to files downloaded from the internet, triggering additional security checks and prompts to reduce the risk of executing untrusted content. Without the MotW designation, protective mechanisms like Windows Defender SmartScreen and Microsoft Office Protected View become ineffective, leaving users vulnerable to malicious attacks.
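To make the mechanism concrete, here is an added Python example (not code from the original article or from ZDI) that parses the `Zone.Identifier` alternate data stream in which Windows stores the MotW and flags files that lack it or carry a zone SmartScreen will not screen; the class and function names are my own, and the sample stream content is constructed.

```python
import os
import configparser
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class MotW:
    zone_id: int                 # Windows URL security zone, 0..4
    referrer_url: Optional[str]
    host_url: Optional[str]

    @property
    def triggers_screening(self) -> bool:
        # SmartScreen / Protected View act on Internet (3) and Restricted (4).
        return self.zone_id >= 3

def parse_zone_identifier(text: str) -> Optional[MotW]:
    """Parse the INI-style Zone.Identifier stream; None if it is malformed."""
    cp = configparser.ConfigParser(interpolation=None)
    try:
        cp.read_string(text)
        section = cp["ZoneTransfer"]
        zone = int(section["ZoneId"])
    except (configparser.Error, KeyError, ValueError):
        return None
    return MotW(zone, section.get("ReferrerUrl"), section.get("HostUrl"))

def read_motw(path: str) -> Optional[MotW]:
    """On NTFS the ADS is opened as '<path>:Zone.Identifier' (Windows only).
    None means the file carries no MotW, which is the copy2pwn outcome."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8") as f:
            return parse_zone_identifier(f.read())
    except OSError:
        return None

def audit_directory(directory: str) -> List[Tuple[str, Optional[MotW]]]:
    """Report files that lack a MotW or whose zone will not be screened."""
    findings = []
    for name in os.listdir(directory):
        full = os.path.join(directory, name)
        if os.path.isfile(full):
            motw = read_motw(full)
            if motw is None or not motw.triggers_screening:
                findings.append((name, motw))
    return findings

# Constructed sample of what a browser writes for an Internet download.
SAMPLE_STREAM = ("[ZoneTransfer]\r\nZoneId=3\r\nReferrerUrl=https://example.test/\r\n"
                 "HostUrl=https://example.test/setup.exe\r\n")
```

On Windows, `audit_directory` can be pointed at a folder into which files were copied from a WebDAV share to see which ones arrived unmarked; on other systems the ADS open always fails, so every file reports as lacking a MotW.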

Researchers from the Zero Day Initiative (ZDI) Threat Hunting team have observed an uptick in malicious campaigns exploiting WebDAV shares, with threat actors using specific Windows search queries to control the files displayed in the share. This tactic allows attackers to disguise malicious files as harmless ones, increasing the likelihood of successful attacks.

To address this vulnerability, Microsoft released a security patch in June 2024 to fix CVE-2024-38213. Users are advised to exercise caution when accessing WebDAV shares and remain vigilant when copying and pasting files from these sources to prevent falling victim to copy2pwn attacks. Stay informed and stay safe in the ever-evolving landscape of cybersecurity threats.
