← back
CVE-2022-41049

Windows Mark of the Web Security Feature Bypass Vulnerability

CVSS 5.4 MEDIUMEPSS 2.5%● KEV
Vexday Risk Score
43Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 5.4EPSS 2.5%KEV simPoC Nuclei Metasploit Patch referenciado
Lifecycle
09 Nov 2022Published on NVD
14 Nov 2022Active exploitation (CISA KEV)
Weaponization speed
5 daysto active exploitation (KEV)
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Plan a near-term fix — a public PoC already exists.
In short

A security feature in Windows called Mark of the Web, which warns users about potentially dangerous downloaded files, can be bypassed. This allows attackers to distribute malicious files without triggering safety warnings.

Technical detail

This vulnerability allows attackers to bypass the Mark of the Web (MOTW) security feature by manipulating file attributes or using specific file handling techniques, enabling distribution of untrusted content without triggering Windows security warnings. Exploitation requires user interaction (file download and execution) but significantly reduces warning visibility.

Summary generated and translated by AI from the official description.
Windows Mark of the Web Security Feature Bypass Vulnerability
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C