Windows ZIP extraction bug (CVE-2022-41049) lets attackers craft ZIP files, which evade warnings on attempts to execute packaged files, even if ZIP file was downloaded from the Internet.
November 2022 Patch Tuesday is here, with fixes for CVE-2022-41091, CVE-2022-41049, CVE-2022-41128 and other actively exploited bugs.