New Windows Server 2012 zero-day gets free, unofficial patches
Free unofficial security patches have been released through the 0patch platform to address a zero-day vulnerability introduced over two years ago in the Windows Mark of the Web (MotW) security mechanism.
Windows automatically adds Mark of the Web (MotW) flags to all documents and executables downloaded from untrusted sources. These MotW labels inform the Windows operating system, Microsoft Office, web browsers, and other applications that the file should be treated cautiously.
As a result, users are warned that opening such files could lead to potentially dangerous behavior, such as installing malware on their devices.
According to Mitja Kolsek, co-founder of the 0patch micropatching service, this flaw can let attackers prevent Windows from applying (MotW) labels on some file types downloaded from the Internet.
"Our researchers discovered a previously unknown vulnerability on Windows Server 2012 and Server 2012 R2 that allows an attacker to bypass a security check otherwise enforced by Mark of the Web on certain types of files," said Mitja Kolsek, co-founder of the 0patch micropatching service.
"Our analysis revealed this vulnerability was introduced to Windows Server 2012 over two years ago, and remained undetected - or at least unfixed - until today. It is even present on fully updated servers with Extended Security Updates."
ACROS Security, the company behind 0Patch, will withhold information on this vulnerability until Microsoft releases official security patches that block potential attacks targeting vulnerable servers.
These unofficial patches are available for free for both legacy Windows versions and fully updated ones:
- Windows Server 2012 updated to October 2023
- Windows Server 2012 R2 updated to October 2023
- Windows Server 2012 fully updated with Extended Security Updates
- Windows Server 2012 R2 fully updated with Extended Security Updates
To install these micropatches on your Windows Server 2012 systems, register a 0patch account and install its agent. If there are no custom patching policies to block them, they will be deployed automatically after launching the agent (without requiring a system restart).
"Vulnerabilities like these get discovered on a regular basis, and attackers know about them all," Kolsek added today.
"If you're using Windows that aren't receiving official security updates anymore, 0patch will make sure these vulnerabilities won't be exploited on your computers - and you won't even have to know or care about these things."
A Microsoft spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.
AI-Powered Fake News Campaign Targets Western Support for Ukraine and U.S. Elections
Bologna FC confirms data breach after RansomHub ransomware attack
CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability
CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability
CVE-2025-24983 Microsoft Windows Win32k Use-After-Free Vulnerability
CVE-2017-0148 Microsoft SMBv1 Server Remote Code Execution Vulnerability
CVE-2024-20953 Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability
MediumBypassing 403
InformationalRetrieved from Cache
HighOpen Redirect
InformationalHTTP Parameter Pollution
HighPath Traversal
Free online web security scanner