What is Nostr?
Will Dormann /
npub12xh…zxeq
2024-08-05 15:15:39

Will Dormann on Nostr: This is a fun one from Elastic Security Labs. ...

This is a fun one from Elastic Security Labs.
https://www.elastic.co/security-labs/dismantling-smart-app-control

In the process of canonicalizing the path in a LNK file when it is clicked on, Windows rewrites the LNK file, clobbering the Mark of the Web (MotW) along with it. The impact here is that things that rely on MotW, e.g. Smart App Control (SAC) or SmartScreen, fail to protect the user in any way with such files. This has been abused ITW for 6 years.

MSRC has said that they might possibly address it in the future.
There is no CVE for this, as Microsoft doesn't assign CVEs to vulnerabilities. They assign CVEs to fixes.

Author Public Key
npub12xhpqz0ygq7cy87pcyhpf06tgr0yf37uv9mcnzzqeg00n70tca5q0vzxeq