Copy2pwn circumvents Windows Mark Of The Web security feature


Uncovering the Copy2Pwn Vulnerability: Bypassing Windows Protections

Security experts have recently uncovered a critical vulnerability, CVE-2024-38213, that poses a significant threat to Windows users. This vulnerability, known as “copy2pwn,” allows threat actors to bypass Windows’ Mark-of-the-Web (MotW) protections through simple copy-and-paste operations.

The exploit targets Web-based Distributed Authoring and Versioning (WebDAV) shares, which can be accessed through web browsers or mounted as Windows Explorer paths. By leveraging this vulnerability, threat actors can host malicious payloads on WebDAV shares and evade built-in Microsoft protections like Windows Defender SmartScreen.

The Mark-of-the-Web is a crucial security feature in Windows that applies an NTFS Alternate Data Stream (ADS) to files downloaded from the internet, triggering additional security checks and prompts to reduce the risk of executing untrusted content. Without the MotW designation, protective mechanisms like Windows Defender SmartScreen and Microsoft Office Protected View become ineffective, leaving users vulnerable to malicious attacks.
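The check below is an added example, not code from the ZDI research or from Microsoft. It parses the text of the `Zone.Identifier` stream that carries the MotW and labels risky file types that have no mark at all, which is the state a file is left in when MotW is not applied. The extension list, the labels and the sample stream are assumptions constructed for illustration.

```python
import configparser
import os

# Windows URL security zones; 3 and 4 are the ones that trigger SmartScreen / Protected View.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}
# Assumption: illustrative list of file types worth flagging when unmarked.
RISKY_EXT = {".exe", ".lnk", ".js", ".vbs", ".bat", ".cmd", ".msi", ".hta", ".docm"}

# Constructed sample of a Zone.Identifier stream (not taken from a real incident).
SAMPLE = ("[ZoneTransfer]\r\nZoneId=3\r\n"
          "ReferrerUrl=https://example.test/\r\n"
          "HostUrl=https://example.test/files/report.docm\r\n")

def read_zone_stream(path):
    """Return the Zone.Identifier ADS text, or None if absent (Windows/NTFS only)."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None

def parse_zone_identifier(text):
    """Parse the stream into a dict; None if there is no usable ZoneId."""
    if not text:
        return None
    cp = configparser.ConfigParser(interpolation=None)  # URLs may contain '%'
    cp.optionxform = str                                # keep key case (ZoneId, HostUrl)
    try:
        cp.read_string(text.lstrip("\ufeff"))
        zone_id = cp.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None
    info = dict(cp["ZoneTransfer"])
    info.update(ZoneId=zone_id, ZoneName=ZONES.get(zone_id, "Unknown"))
    return info

def triage(path, stream_text):
    """Label a file by its MotW state; unmarked risky types deserve a closer look."""
    info = parse_zone_identifier(stream_text)
    if info is not None:
        return "marked-untrusted" if info["ZoneId"] >= 3 else "marked-trusted"
    ext = os.path.splitext(path)[1].lower()
    return "unmarked-risky" if ext in RISKY_EXT else "unmarked"

if __name__ == "__main__":
    for name in os.listdir("."):
        print(triage(name, read_zone_stream(name)), name)
```

A missing mark is not proof of a bypass, since locally created files are unmarked too; treat `unmarked-risky` as a prompt to check where the file came from.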

Researchers from the Zero Day Initiative (ZDI) Threat Hunting team have observed an uptick in malicious campaigns exploiting WebDAV shares, with threat actors using specific Windows search queries to control the files displayed in the share. This tactic allows attackers to disguise malicious files as harmless ones, increasing the likelihood of successful attacks.

To address this vulnerability, Microsoft released a security patch in June 2024 to fix CVE-2024-38213. Users are advised to exercise caution when accessing WebDAV shares and remain vigilant when copying and pasting files from these sources to prevent falling victim to copy2pwn attacks.
