Longstanding Windows Bug
The biggest fear of any business owner is accidentally handing sensitive data or program access to online attackers. That threatens the business's reputation, employees, and customers. Unfortunately, anything from a system crash to a software vulnerability can cause it, and a Windows bug that has gone unfixed for years is a case in point.
What Are SmartScreen and SAC?
If you run your business on Windows, you have probably met Microsoft's SmartScreen. Introduced with Windows 8 (it began life as a browser filter in Internet Explorer), it checks the reputation of each file you download and each web address you visit and warns you when something is unknown or known to be bad. Smart App Control (SAC), added in Windows 11 version 22H2 and available only on a clean installation, goes a step further: before an app runs, it checks for a valid code signature and asks Microsoft's cloud reputation service whether the app is known to be safe, and it blocks the app if neither check passes.
Key to both is the Mark of the Web (MoTW). When a browser or mail program saves a file from the internet, Windows tags it with a small hidden stream (Zone.Identifier) recording that it came from the internet zone. A file carrying that tag gets the reputation check when it is opened: a program or web address with a long, clean reputation and a valid signature passes without interruption, and anything unknown or suspicious triggers a warning. A file without the tag is treated as if it had always been on your machine, and SmartScreen does not inspect it at all. Microsoft has patched these features many times over the years, but bugs remain, and some are now being actively exploited.
The Methods Used in Overriding These Security Applications
Researchers at Elastic Security Labs report that attackers have been abusing a Windows weakness since at least 2018 in one of two ways. The first is to sign the malware with a code-signing certificate, bought or stolen, so that the signature and the reputation that comes with it satisfy SmartScreen and SAC. The second, which Elastic calls LNK stomping, uses an LNK file (a shortcut to a file, folder, or program) whose target path or internal structure is not in the standard form. When you double-click it, Windows Explorer (explorer.exe) quietly rewrites the shortcut into its canonical form and saves it, and the rewritten copy no longer carries the Mark of the Web. Because the security checks run on the file as saved, the payload launches with no warning.
Other reputation-abuse methods attackers use to get dangerous binaries and applications past these checks include:
- Reputation hijacking, where the attacker finds a legitimate, well-reputed program that will run whatever script or input it is handed (scripting engines are the usual candidates) and ships a malicious script alongside it, so the trusted program carries the reputation and the script carries the payload
- Reputation seeding, where the attacker first distributes a binary of their own that looks harmless, or that contains a vulnerability only they know how to trigger, waits for it to earn a good reputation, and then activates the payload or exploits the flaw
- Reputation tampering, where the attacker patches a trusted, well-reputed binary in carefully chosen places so that it runs malicious code yet still keeps its good reputation
What You Should Do To Stay Safe
Windows users like you may be alarmed by this discovery, but there is plenty you can do. Microsoft ships fixes through Windows Update, so turn on automatic updates and let them install promptly; if you manage updates by hand, check for them regularly. One caveat: Elastic reported the shortcut problem to Microsoft, which said it may be fixed in a future Windows update, so do not assume your SAC and SmartScreen are already immune.
Until a patch is available (and even after), your in-house security or IT team should not rely on these built-in, fallible checks alone. Have endpoint protection that scans every download and watches what actually runs, whether or not the file carries the Mark of the Web, and treat shortcut (.lnk) files that arrive by email or download as suspicious by default.
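One way to put that advice into practice, and to see the shortcut trick described above from the defender's side, is the PowerShell triage script below. It is an added example, not code from the original post and not Elastic's own tooling. For every file in a downloads folder it reports whether the Mark of the Web is still present (and which zone it records), what the Authenticode signature says and who signed it, and, for shortcut files, any target strings in the raw file that look non-standard. It assumes Windows with PowerShell 5.1 or later and an NTFS volume; the shortcut indicators it looks for (a target ending in a dot or space, or a relative target) are my reading of "non-standard target path" and are a heuristic over the raw bytes, not a full LNK parser.

```powershell
# Added example (not from the original post or Elastic's research): triage a folder of downloads.
# Assumes Windows, PowerShell 5.1+ and NTFS, where the Mark of the Web is the Zone.Identifier stream.
param([string]$Folder = (Join-Path $env:USERPROFILE 'Downloads'))

function Get-LnkTargetStrings {
    # Pull path-like strings out of a shortcut's raw bytes. Shortcut files store paths both as
    # ANSI (LinkInfo) and as UTF-16 (string data, ID list), so decode the bytes both ways.
    param([string]$Path)
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    $found = New-Object System.Collections.Generic.List[string]
    $decodings = @(
        [System.Text.Encoding]::Unicode.GetString($bytes),
        [System.Text.Encoding]::GetEncoding(28591).GetString($bytes)   # ISO-8859-1, one char per byte
    )
    foreach ($text in $decodings) {
        # A drive path or a relative path, running up to the next NUL terminator.
        foreach ($m in [regex]::Matches($text, '(?:[A-Za-z]:\\|\.{1,2}\\)[^\x00]{1,260}')) {
            $found.Add($m.Value)
        }
    }
    return $found
}

function Test-Download {
    param([System.IO.FileInfo]$File)
    $result = [ordered]@{ File = $File.Name; MotW = 'missing'; Signature = ''; Signer = ''; Flags = @() }

    # Mark of the Web: ZoneId=3 is the Internet zone. No stream at all means SmartScreen will
    # not look at this file when it is opened.
    $zone = Get-Content -LiteralPath $File.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if ($zone) {
        foreach ($line in $zone) {
            if ($line -match '^ZoneId=(\d+)') { $result.MotW = "ZoneId=$($Matches[1])" }
        }
    } else {
        $result.Flags += 'no MotW: SmartScreen will not inspect this file'
    }

    # Authenticode: "Valid" only means the signature verifies, not that the signer is trustworthy.
    # Signed malware relies on exactly that gap, so report the signer and judge it yourself.
    $sig = Get-AuthenticodeSignature -LiteralPath $File.FullName
    $result.Signature = $sig.Status.ToString()
    if ($sig.SignerCertificate) { $result.Signer = $sig.SignerCertificate.Subject }

    # Shortcut files: flag target strings that are not in the standard form (heuristic, my own
    # indicators: trailing dot or space, or a relative path).
    if ($File.Extension -ieq '.lnk') {
        foreach ($target in Get-LnkTargetStrings -Path $File.FullName) {
            if ($target -match '[. ]$')      { $result.Flags += "target ends with dot/space: '$target'" }
            if ($target -match '^\.{1,2}\\') { $result.Flags += "relative target: '$target'" }
        }
    }
    return [pscustomobject]$result
}

Get-ChildItem -LiteralPath $Folder -File | ForEach-Object { Test-Download -File $_ } |
    Format-Table File, MotW, Signature, Signer, @{ n = 'Flags'; e = { $_.Flags -join '; ' } } -AutoSize
```

Run it as `.\Triage-Downloads.ps1` (or with `-Folder` pointing at a quarantine directory). A freshly downloaded file with no Mark of the Web, or a shortcut whose target ends in a dot or uses a relative path, deserves a closer look before anyone double-clicks it; a "Valid" signature from a company you have never heard of deserves the same.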
Protect Your Business from Threats
You can protect your business and clients even with rising Windows threats by staying alert and informed.
By Denis Wilson
Thanks for reading this post. I always keep in mind that your time and attention are precious, and these posts need to be timely, to the point, and short. For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, YouTube, and Facebook.
I am also a published author and speaker on cloud computing, remote work, cybersecurity, and AI. I work extensively with business and professional associations to provide small business technology education programs.
Contact me if you have any questions about the subject. I'd be happy to spend 15 minutes discussing it with you.