Windows Search Vulnerability Identified

  |  Source: 
Information & Technology

Windows Search Vulnerability Identified

Reported by BleepingComputer, a Windows search vulnerability has been identified to enable a search window containing malicious code to be executed from launching a Word document. "The security issue can be leveraged because Windows supports a URI protocol handler called 'search-ms' that allows applications and HTML links to launch customized searches on a device. While most Windows searches will look on the local device's index, it is also possible to force Windows Search to query file shares on remote hosts and use a custom title for the search window." A targeted victim would have to manually execute the executable file and accept the security prompt for the attacker's remote application to run.

Get trending threats published weekly by the Anvilogic team.

Sign Up Now