Microsoft fixes exploited zero-day vulnerability in Windows

December 15, 2022

Microsoft has fixed a security vulnerability that permitted malicious hackers to circumvent Windows SmartScreen security and distribute Magniber ransomware and Qbot malware payloads.

This comes after Microsoft has been working to fix it since late October, when HP’s threat intelligence team issued the first warning after the vulnerability was exploited multiple times in the wild.

The infected standalone JavaScript files were used to exploit the CVE-2022-44698 zero-day vulnerability and circumvent Windows’ Mark-of-the-Web security warnings.

The CVE-2022-44698 vulnerability was exploitable via three attack vectors: First, In a web-based attack scenario, an attacker could host a malicious website that exploits the security feature bypass.

Second, To exploit the bypass in an email or instant message attack scenario, the attacker could send the targeted user a specially crafted.url file. Third, compromised websites or websites that accept or host user-provided content may contain specially crafted content designed to circumvent security features.

Qbot (AKA Quakbot) is an old and well-known banking trojan that continues to pose a significant threat to victims by tricking them into opening malicious files or visiting attacker-controlled websites.

The sources for this piece include an article in BleedingComputer.

Top Stories

Related Articles

June 9, 2026 Hackers exploited Meta’s AI-powered support chatbot to gain control of Instagram accounts, including several high-profile profiles. Meta more...

June 5, 2026 Security researchers have disclosed a new denial-of-service attack called HTTP/2 Bomb that can overwhelm major web servers more...

May 20, 2026 The Cybersecurity and Infrastructure Security Agency, the arm of the U.S. government tasked with protecting critical infrastructure more...

May 11, 2026 Instructure has restored access to its Canvas learning platform after a cyberattack disrupted service for universities and more...

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn