A new zero-day vulnerability in Windows • Blisstech Solutions

Introduction

A new zero-day vulnerability in Windows Search has been discovered which can be exploited to automatically open a malicious search window containing remotely-hosted malware executables. The vulnerability is triggered when a user launches a Word document, and can be used to target users across all versions of Windows. Microsoft has yet to release a patch for the vulnerability, so users are advised to exercise caution when opening Word documents from untrusted sources.

What is a zero-day vulnerability and why should I care about it

A zero-day vulnerability is a security hole in software that is unknown to the vendor. These vulnerabilities are highly prized by hackers, as they can be used to exploit systems using vulnerabilities that are yet unknown and are not patched.

Zero-day vulnerabilities are a serious threat to users, as they can be used to exploit systems without the user’s knowledge. In the case of the Windows Search vulnerability, a malicious script can be embedded in a Word document which, when opened by the user, will automatically open a search window containing remote-hosted malware executables. The malware then proceeds to infect the user’s machine.

The exploit in Windows Search and how it works

Windows Search is a built-in search feature in Windows that allows users to search for files and folders on their computer. The Windows Search vulnerability discovered by security researchers can be combined with another zero-day (CVE-2022-30190) and allows attackers to exploit the feature to automatically open a malicious search window containing remotely-hosted malware executables.

The exploit is activated when a user opens a Word document containing a malicious script. When the document is opened, the script automatically runs and opens a search window containing remote-hosted malware executables.

The impact of the exploit

Windows Search is a crucial component of the Windows operating system, used by millions of users every day to find files and folders on their computers. The vulnerability can be triggered by just previewing an Office document, and can be used to target users across all versions of Windows.

The recent discovery of a zero-day vulnerability in Windows Search has raised concerns among security experts, as the exploit can be used to automatically open a malicious search window containing remotely-hosted malware executables.

Using social engineering, the attackers would entice the user to run the malware by claiming they are critical updates or something else that creates a sense of urgency. Then the malware would proceed to infect the user’s machine.

How to protect yourself from the exploit

There are a few things you can do to protect yourself from the Windows Search exploit:

  • Do not open, or even preview, Office documents from untrusted sources.
  • Make sure your antivirus software is up-to-date.
  • Do not use an admin account for day to day activity. Admin rights are needed by most malware, so removing admin rights is one of the best forms of protection.
  • Educate your users on this threat and the risks.

In Conclusion

The recent discovery of a zero-day vulnerability in Windows Search has raised concerns among security experts, as the exploit can be used to automatically open a malicious search window containing remotely-hosted malware executables.

The exploit is triggered when a user launches an Office document, and can be used to target users across all versions of Windows. Microsoft has yet to release a patch for the vulnerability, so users are advised to exercise caution when opening Office documents from untrusted sources.

By following the security measures outlined above, you can help protect yourself and your organization from this dangerous exploit.

Want to discuss your businesses cybersecurity with an expert?  Why not get in touch?

More Content

A little trust can go a long way

Countless employers still don’t trust their people to do their best work unless they’re physically in the office.

Tech Tip: How to get the most out of Google searches

Hello everyone! Today's Tuesday Two Minute Tech-tip shows you how to get the best out of your Google searches. Google search is arguably the best in the world and gives us the internet at our fingertips, but it can be hard to find what you are looking for. This tip...

How to scan a QR code with your phone

As more venues open up for face to face meetings, some are introducing their own track and trace systems using a QR code that you need to scan with your mobile phone. But how? This video explains how to scan a QR code with your phone so you are not trying to figure it...

IT Managed Services for Law Firms

Over the years, technology has shaped and changed legal firms in the UK in many ways.   Technology has helped legal firms to go digital and provide a streamlined client experience by allowing them to access case files online from anywhere. Technology has also helped...

Serious Flaws Discovered in D-Link Routers

Researchers at Fortinet have uncovered serious flaws in four D-Link routers.  The router vulnerabilities were found to allow for remote code execution which means a remote attacker could gain control of your router, snoop on your traffic and redirect your browser to...

Cyber attacks are getting bigger and smarter. Are you vulnerable?

Recently, the biggest ever DDoS attack was reportedly blocked. Worse still, more businesses are being targeted with criminals demanding huge ransoms

Don’t sleep on this simple, effective security booster

Don’t sleep on this simple, effective security booster

Microsoft’s enforcing an extra layer of security for logins to one of its tools. Even if you don’t use it, you should follow their lead and implement this security booster in your business.

AI is making phishing scams more dangerous

AI chatbots have taken the world by storm lately. But for all the fun they offer, criminals have been finding ways to use AI for more sinister purposes.

It’s nearing the end for Windows 10 – Are you ready?

It’s time to say goodbye to Windows 10 Next year, we’ll say a final farewell to Windows 10 as it reaches the end of its life. Microsoft is stopping support. This means no new tools or features and no more security updates. If you’re still using Windows 10 in your...
Microsoft’s fixing this annoying Windows 11 fault

Microsoft’s fixing this annoying Windows 11 fault

Fed up seeing useless “Recommendations” in the Windows 11 Start menu? Good news – Microsoft’s making them more helpful. Here’s how the improvements could help your team save time…

Share This
Contact
Love Lane
Cleobury Mortimer
Shropshire DY14 8PE

01299 382 321
[email protected]
Copyright © 2024 Blisstech Solution Ltd
Registered No: 08125391 VAT No : 307 5490 05