A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by launching a Word document.
The security issue can be leveraged because Windows supports a URI protocol handler called ‘search-ms’ that allows applications and HTML links to launch customized searches on a device.
While most Windows searches will look on the local device’s index, it is also possible to force Windows Search to query file shares on remote hosts and use a custom title for the search window.
Comments are closed.