A significant security vulnerability has been identified in Windows Server 2012 and Server 2012 R2, enabling attackers to circumvent vital security measures enforced by the Mark of the Web (MotW) feature. This zero-day flaw, which has gone unnoticed for over two years, presents a considerable risk to organizations still utilizing these server versions, including those with fully updated systems and Extended Security Updates.
The vulnerability specifically targets certain file types, potentially leaving servers exposed to malicious attacks. While detailed information is being withheld to prevent exploitation, the flaw’s duration and its existence in fully patched systems highlight the urgency of addressing this security concern.
Identified by 0patch security researchers, the vulnerability was promptly reported to Microsoft. In response, they have developed micropatches to mitigate the issue, which will be available free of charge until an official fix is released by Microsoft. This proactive measure aims to safeguard affected systems while the software giant works on a permanent solution.
Affected Systems
The vulnerability impacts the following:
- Windows Server 2012 (updated to October 2023)
- Windows Server 2012 R2 (updated to October 2023)
- Windows Server 2012 with Extended Security Updates
- Windows Server 2012 R2 with Extended Security Updates
Micropatch Availability
To address the risk, free micropatches are now available for the affected systems. These patches have been distributed to online computers equipped with the 0patch Agent on PRO or Enterprise accounts, offering immediate protection against potential exploits.
This discovery serves as a reminder of the ongoing security challenges faced by organizations using older Windows Server versions. It emphasizes the necessity of regular security audits and robust patch management strategies.
Security experts advise organizations still relying on Windows Server 2012 and 2012 R2 to take the following actions:
- Apply the available micropatches without delay.
- Keep an eye out for any official updates from Microsoft.
- Consider upgrading to more recent, fully supported server versions.
- Implement additional security measures to safeguard critical systems.
The emergence of this zero-day vulnerability highlights the ever-evolving landscape of cyber threats. It serves as a reminder that even systems considered fully updated can harbor critical security weaknesses. As the cybersecurity community awaits Microsoft’s official resolution, this situation underscores the vital role of independent security researchers and third-party patch providers in preserving the integrity of widely used software systems.
Analyse Advanced Phishing Analysis With ANY.RUN Black Friday Deals: Get up to 3 Free Licenses.
