Blog

Jun 2, 2022

New Windows Search zero-day added to Microsoft protocol nightmare

Posted by in category: cybercrime/malcode

A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by launching a Word document.

The security issue can be leveraged because Windows supports a URI protocol handler called ‘search-ms’ that allows applications and HTML links to launch customized searches on a device.

While most Windows searches will look on the local device’s index, it is also possible to force Windows Search to query file shares on remote hosts and use a custom title for the search window.

Comments are closed.