Ever notice that security warning when you try to install a new app on Windows? It’s been compromised for a long time—at least six years, according to new security findings. Windows SmartScreen, or Smart App Control in Windows 11, was meant to provide extra protection for files from unknown sources, but researchers have found it has been easily bypassed.
Elastic Security Labs discovered several methods to circumvent this security feature, including a technique known as “LNK stomping.” This method bypasses the Mark of the Web system, allowing malicious files to slip through the cracks. Hackers can also manipulate file signatures or modify paths to evade detection, making the process of exploiting these vulnerabilities quite straightforward.
Additional bypass techniques, such as reputation seeding and tampering, have also been identified. Detailed technical insights and visual examples are available for those interested. An open-source tool has been released to help detect these issues. Despite these long-standing vulnerabilities, Microsoft has addressed some of the problems in recent updates, reflecting their commitment to improving security.