That familiar warning you get when installing a new app on Windows? The one that occasionally blocks installations from suspicious sources? It turns out it’s been compromised for years. Recent research reveals that Windows SmartScreen (or Smart App Control in Windows 11) has had critical vulnerabilities for at least six years.
Designed to offer an additional layer of security against unknown executables, SmartScreen has been found to be surprisingly easy to bypass. Elastic Security Labs uncovered that techniques like “LNK stomping” can sidestep the Mark of the Web identifier, allowing malicious applications to bypass security checks. Simple tricks, such as appending extra characters to file paths or manipulating code signatures, make it easier for hackers to exploit these weaknesses.
The research highlights multiple bypass methods, including reputation hijacking and tampering, with technical details and animated examples available for those interested. Fortunately, an open-source tool has been developed to help identify files that might exploit these vulnerabilities. Despite the long-standing issues, Microsoft has taken action, with recent updates addressing some of these security flaws.
