Skorikari

**Name of the Vulnerable Software and Affected Versions** Windows 10 Version 1809 Windows versions prior to the patch released on 2025-03-11 **Description** A security-feature bypass vulnerability in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally. This issue is related to a failure in the protection mechanism, enabling attackers to affect the system. The vulnerability may allow an attacker to bypass existing security restrictions and gain access to encrypted data. **Recommendations** For Windows 10 Version 1809, apply the patch released on 2025-03-11 to resolve the issue. For Windows versions prior to the patch released on 2025-03-11, update to a version that includes the fix for this vulnerability. As a temporary workaround, consider restricting access to sensitive data and implementing additional security measures to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows File Explorer (affected versions not specified) **Description** A security flaw in Windows File Explorer allows attackers to capture NTLM hashed credentials when a user opens a folder containing a specially crafted `.library-ms` file embedded within a RAR or ZIP archive. The vulnerability is triggered automatically upon extraction of the archive; no user interaction beyond extraction is required. This allows attackers to perform network spoofing and potentially gain unauthorized access to systems. The vulnerability has been actively exploited in the wild, and a proof-of-concept (PoC) is publicly available. The issue stems from Windows Explorer automatically initiating an SMB authentication request when processing the `.library-ms` file, leading to the disclosure of NTLM hashes. Attackers have been observed using this vulnerability in phishing campaigns, and it has been reported that the vulnerability was offered for sale on underground forums. The vulnerability is related to the processing of UNC paths within the `.library-ms` file. Some reports indicate the vulnerability has been exploited through malicious documents containing links to SMB resources. **Recommendations** Apply the latest security updates released by Microsoft for Windows File Explorer.

**Name of the Vulnerable Software and Affected Versions** Windows Remote Desktop Gateway (RD Gateway) (affected versions not specified) **Description** The issue is related to a denial-of-service vulnerability in the Windows Remote Desktop Gateway (RD Gateway). It is associated with synchronization errors when using a shared resource. Exploitation of this issue can allow an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.