A new zero-day vulnerability in Windows • Blisstech Solutions

Introduction

A new zero-day vulnerability in Windows Search has been discovered which can be exploited to automatically open a malicious search window containing remotely-hosted malware executables. The vulnerability is triggered when a user launches a Word document, and can be used to target users across all versions of Windows. Microsoft has yet to release a patch for the vulnerability, so users are advised to exercise caution when opening Word documents from untrusted sources.

What is a zero-day vulnerability and why should I care about it

A zero-day vulnerability is a security hole in software that is unknown to the vendor. These vulnerabilities are highly prized by hackers, as they can be used to exploit systems using vulnerabilities that are yet unknown and are not patched.

Zero-day vulnerabilities are a serious threat to users, as they can be used to exploit systems without the user’s knowledge. In the case of the Windows Search vulnerability, a malicious script can be embedded in a Word document which, when opened by the user, will automatically open a search window containing remote-hosted malware executables. The malware then proceeds to infect the user’s machine.

The exploit in Windows Search and how it works

Windows Search is a built-in search feature in Windows that allows users to search for files and folders on their computer. The Windows Search vulnerability discovered by security researchers can be combined with another zero-day (CVE-2022-30190) and allows attackers to exploit the feature to automatically open a malicious search window containing remotely-hosted malware executables.

The exploit is activated when a user opens a Word document containing a malicious script. When the document is opened, the script automatically runs and opens a search window containing remote-hosted malware executables.

The impact of the exploit

Windows Search is a crucial component of the Windows operating system, used by millions of users every day to find files and folders on their computers. The vulnerability can be triggered by just previewing an Office document, and can be used to target users across all versions of Windows.

The recent discovery of a zero-day vulnerability in Windows Search has raised concerns among security experts, as the exploit can be used to automatically open a malicious search window containing remotely-hosted malware executables.

Using social engineering, the attackers would entice the user to run the malware by claiming they are critical updates or something else that creates a sense of urgency. Then the malware would proceed to infect the user’s machine.

How to protect yourself from the exploit

There are a few things you can do to protect yourself from the Windows Search exploit:

  • Do not open, or even preview, Office documents from untrusted sources.
  • Make sure your antivirus software is up-to-date.
  • Do not use an admin account for day to day activity. Admin rights are needed by most malware, so removing admin rights is one of the best forms of protection.
  • Educate your users on this threat and the risks.

In Conclusion

The recent discovery of a zero-day vulnerability in Windows Search has raised concerns among security experts, as the exploit can be used to automatically open a malicious search window containing remotely-hosted malware executables.

The exploit is triggered when a user launches an Office document, and can be used to target users across all versions of Windows. Microsoft has yet to release a patch for the vulnerability, so users are advised to exercise caution when opening Office documents from untrusted sources.

By following the security measures outlined above, you can help protect yourself and your organization from this dangerous exploit.

Want to discuss your businesses cybersecurity with an expert?  Why not get in touch?

More Content

Don’t sleep on this simple, effective security booster

Don’t sleep on this simple, effective security booster

Microsoft’s enforcing an extra layer of security for logins to one of its tools. Even if you don’t use it, you should follow their lead and implement this security booster in your business.

Why now is a great time to start your own business

"I can accept failure, but I can't accept not trying." - Michael Jordan We are living in unprecedented times.  People are being prevented from leaving their homes and the average worker has been sent to work from home, put on reduced hours, or worse.  It is...
Microsoft’s browser takes back the Edge with streamlined settings

Microsoft’s browser takes the Edge with streamlined settings

Trying to find your way through the Settings menu in Microsoft Edge might leave you overwhelmed but a new update is about to make it easier. Here we tell you how.

Is Wi-Fi 7 worth the investment?

Is Wi-Fi 7 worth the investment?

Is upgrading to Wi-Fi 7 the right investment for your business? We look at the pros and cons of the next-gen wireless connection.

Man with magnifying glass

Cyber Essentials: A Guide to CE and its Benefits

Many people have heard of Cyber Essentials (CE), but do you know what it is and what benefits it can bring to your business? This article will discuss what cyber essentials is and how it can help your business and the role that a Cyber Essentials assessor plays in...

How to choose the correct hardware for your business

Do you know how to choose the correct hardware for business? Slow isn’t often a word you want to associate with your business. But when your hardware isn’t performing, you’ll hear it a lot. Complaints about PCs, your internet connection, even your network. Not only is...

Can your business go green by switching to the cloud?

Cloud computing has quickly become a popular option for businesses that want to streamline their operations, reduce costs, and become more flexible. But are you swayed by the idea that cloud services are automatically better for the environment? Could the need to do your bit ‘cloud’ your decision-making? Sorry. Bad pun. It’s true that cloud services have environmental benefits compared …
Read More

Tech Tip: The Power of Microsoft To Do

Hello everyone and welcome to a new Tuesday Two Minute Tech Tip.    👉 Do you want to get more organised?    👉 Do you wish you could see all of the things that you need to remember all in one place?    👉 Do you need a tool...

Tech Tip: How to create a table of content in Word

Happy Tuesday everyone! Today's Two Minute Tech Tip was an idea given to me by my apprentice, George Borns. When asked what would be a good idea for a Tech Tip and without hesitation, George said "What about headings and tables of content in Word?" It is a great tip...

3 things you should do now to protect your business email

It's a fact, most cyber attacks start with an email.  In fact, a frightening 91% of attacks begin with someone clicking on something they shouldn't in an email they received. Here are three things you can do now to protect your business and make it harder for...
Share This
Contact
Love Lane
Cleobury Mortimer
Shropshire DY14 8PE

01299 382 321
[email protected]
Copyright © 2024 Blisstech Solution Ltd
Registered No: 08125391 VAT No : 307 5490 05