Image 1: Mark-of-the-Web Security Pop Up
The Mark-of-the-web vulnerability is concerning because threat actors have already started to exploit it in ransomware attacks. Microsoft stated that they are aware of the vulnerability and are investigating it. In the meantime, there is an unofficial micro-patch for the flaw issued by a third-party company called 0patch. The patch can be applied to the following Windows versions:
At this time, there are no known IoCs associated with the Mark-of-the-web vulnerability. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.