Published on: December 18, 2024
A critical zero-day vulnerability has been discovered in Windows Server 2012 and Server 2012 R2, enabling attackers to bypass the Mark of the Web (MotW) security feature. This flaw, undetected for over two years, poses a significant risk to organizations relying on these server versions, including those whose systems are fully updated and covered by Extended Security Updates.
The vulnerability affects specific file types, potentially exposing servers to malicious attacks. While detailed information is withheld to prevent exploitation, the flaw’s persistence in fully patched systems underscores its severity. Security researchers at 0patch identified the issue and promptly reported it to Microsoft. In the interim, they have developed free micropatches to address the vulnerability until an official fix is released.
The affected systems include:
- Windows Server 2012 (updated to October 2023)
- Windows Server 2012 R2 (updated to October 2023)
- Windows Server 2012 with Extended Security Updates
- Windows Server 2012 R2 with Extended Security Updates
To mitigate the risk, organizations are advised to:
- Apply the available micropatches immediately.
- Monitor for official updates from Microsoft.
- Consider upgrading to more recent, fully supported server versions.
- Implement additional security measures to protect critical systems.
0patch says it is “withholding details on this vulnerability until Microsoft’s fix becomes available to prevent malicious exploitation.”
This discovery highlights the ongoing security challenges faced by organizations using older Windows Server versions and emphasizes the importance of regular security audits and robust patch management strategies.