Hackers Abusing Windows Smart App Control and SmartScreen Vulnerability Since 2018

A design flaw in Windows Smart App Control and SmartScreen allows attackers to launch programs without triggering security warnings, a vulnerability exploited since at least 2018. This flaw, involving LNK files (dubbed LNK stomping), enables bypassing security checks by manipulating target paths, which removes the Mark of the Web (MotW) label from downloaded files. Elastic Security Labs discovered this bug, noting that it affects Windows 11's Smart App Control and its predecessor, SmartScreen. They found multiple samples exploiting this vulnerability on VirusTotal, with the earliest dating back over six years. Microsoft has been informed and may address the issue in a future update. Read more...