Patch Tuesday: Microsoft Plugs Windows Hole Exploited in Ransomware Attacks


The operating system update, released as part of Microsoft’s scheduled Patch Tuesday, addresses a flaw that lets malicious attackers use rigged files to evade MOTW (Mart of the Web) defenses.

“An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging,” according to Microsoft’s barebones documentation of the issue.

The security defect, tracked as CVE-2022-44698, is marked as publicly disclosed and exploited, adding to the urgency for Windows fleet administrators to prioritize this month’s patches.