Windows Search Vulnerability Identified
Industry: N/A | Level: Tactical | Source: BleepingComputer
Reported by BleepingComputer, a Windows search vulnerability has been identified to enable a search window containing malicious code to be executed from launching a Word document. "The security issue can be leveraged because Windows supports a URI protocol handler called 'search-ms' that allows applications and HTML links to launch customized searches on a device. While most Windows searches will look on the local device's index, it is also possible to force Windows Search to query file shares on remote hosts and use a custom title for the search window." A targeted victim would have to manually execute the executable file and accept the security prompt for the attacker's remote application to run.
Anvilogic Use Cases:
- Rare executable from Microsoft Office