Microsoft Defender SmartScreen Security Feature Bypass Vulnerability - 20221216002

Overview

Microsoft have released a Security Bulletin relating to a Windows SmartScreen Security Feature Bypass vulnerability.

What is the threat?

An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.

What is the vulnerability?

CVE-2022-44698 - Known to be exploited.

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

The ACSC is aware the vulnerability may have been exploited in the wild. The ACSC is not aware of successful exploitation attempts against Australian organisations.

Recommendation

Due to known exploitation, the WA SOC recommends remediating this vulnerability within the next two weeks as per vendor instructions: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44698