
These files are signed with an Authenticode signature that is invalid but crafted in a way that causes SmartScreen to return an error. The financially motivated threat actor that is behind the Magniber ransomware has exploited CVE-2023-24880 to deliver specially crafted MSI files. The SmartScreen feature is designed to protect users against phishing and malware, including by flagging potentially malicious files downloaded from the web. The internet giant’s researchers reported their findings to Microsoft on February 15 and a fix has been released with Microsoft’s latest Patch Tuesday updates. Google’s Threat Analysis Group (TAG) said the vulnerability, tracked as CVE-2023-24880, has been exploited since at least January. If it hasn’t been seen before and Windows is unsure if it’s safe, it prevents the app from launching and warns you that it may be hazardous but allows you to dismiss this warning.A cybercrime group has been exploiting a zero-day vulnerability in the Microsoft SmartScreen security feature to deliver the Magniber ransomware, Google warned on Tuesday.

However, SmartScreen will block the file or program from downloading if it has been encountered previously and is known to be harmful malware. SmartScreen will allow the file to execute if it has been seen previously and is known to be safe.

The SmartScreen filter examines every application or file you download against a Microsoft database. The majority of viruses and malware are distributed via executable files.

Here are other related guides you should see: Smart App Control and how to enable Phishing Protection: Windows 11 New Security Features, New Windows 11 encryption features and security enhancements will help protect hybrid work, How to find and remove Malware with Microsoft Defender Offline, How to restore quarantined files in Microsoft Defender Antivirus, and How to turn on Windows 10 Tamper Protection for Microsoft Defender.
