A new zero-day vulnerability in Windows • Blisstech Solutions

Introduction

A new zero-day vulnerability in Windows Search has been discovered which can be exploited to automatically open a malicious search window containing remotely-hosted malware executables. The vulnerability is triggered when a user launches a Word document, and can be used to target users across all versions of Windows. Microsoft has yet to release a patch for the vulnerability, so users are advised to exercise caution when opening Word documents from untrusted sources.

What is a zero-day vulnerability and why should I care about it

A zero-day vulnerability is a security hole in software that is unknown to the vendor. These vulnerabilities are highly prized by hackers, as they can be used to exploit systems using vulnerabilities that are yet unknown and are not patched.

Zero-day vulnerabilities are a serious threat to users, as they can be used to exploit systems without the user’s knowledge. In the case of the Windows Search vulnerability, a malicious script can be embedded in a Word document which, when opened by the user, will automatically open a search window containing remote-hosted malware executables. The malware then proceeds to infect the user’s machine.

The exploit in Windows Search and how it works

Windows Search is a built-in search feature in Windows that allows users to search for files and folders on their computer. The Windows Search vulnerability discovered by security researchers can be combined with another zero-day (CVE-2022-30190) and allows attackers to exploit the feature to automatically open a malicious search window containing remotely-hosted malware executables.

The exploit is activated when a user opens a Word document containing a malicious script. When the document is opened, the script automatically runs and opens a search window containing remote-hosted malware executables.

The impact of the exploit

Windows Search is a crucial component of the Windows operating system, used by millions of users every day to find files and folders on their computers. The vulnerability can be triggered by just previewing an Office document, and can be used to target users across all versions of Windows.

The recent discovery of a zero-day vulnerability in Windows Search has raised concerns among security experts, as the exploit can be used to automatically open a malicious search window containing remotely-hosted malware executables.

Using social engineering, the attackers would entice the user to run the malware by claiming they are critical updates or something else that creates a sense of urgency. Then the malware would proceed to infect the user’s machine.

How to protect yourself from the exploit

There are a few things you can do to protect yourself from the Windows Search exploit:

  • Do not open, or even preview, Office documents from untrusted sources.
  • Make sure your antivirus software is up-to-date.
  • Do not use an admin account for day to day activity. Admin rights are needed by most malware, so removing admin rights is one of the best forms of protection.
  • Educate your users on this threat and the risks.

In Conclusion

The recent discovery of a zero-day vulnerability in Windows Search has raised concerns among security experts, as the exploit can be used to automatically open a malicious search window containing remotely-hosted malware executables.

The exploit is triggered when a user launches an Office document, and can be used to target users across all versions of Windows. Microsoft has yet to release a patch for the vulnerability, so users are advised to exercise caution when opening Office documents from untrusted sources.

By following the security measures outlined above, you can help protect yourself and your organization from this dangerous exploit.

Want to discuss your businesses cybersecurity with an expert?  Why not get in touch?

More Content

Tech Tip: How to share files securely in Teams

Welcome to a new Tuesday tech tip video where we will be exploring how to share files securely with people outside of your organisation using Microsoft 365 and Teams. Microsoft Teams is a powerful tool that allows for seamless collaboration and communication within an...

Never mind “can’t teach an old dog new tricks”…

They say you can’t teach an old dog new tricks, but what happens when it’s a young pup that needs training? New research on people under 40 has revealed a scary attitude towards cyber security. We tell you more here.

Tech Tip: Send quick Teams messages from anywhere

We all know that Teams messaging is a great way to communicate with others, but it can be disruptive if it interrupts our flow. Even though Teams messaging is a great way to communicate with colleagues, it can easily break your concentration and flow. You might find...

Why the Cloud is not backup

Cloud computing has revolutionised the way businesses work.  Companies that utilise the cloud will have coped the best with COVID-19 imposed restrictions.  Whether forced to by circumstance or not, businesses are moving from the traditional server in the office to...
Where could AI take your business - Blog image

Could AI be the key to your businesses growth?

Artificial Intelligence (AI) is no longer just a futuristic concept. It's here now, and businesses of all sizes need to start embracing it to stay ahead of the competition. Our latest guide shows you how to use AI to revolutionise your business, from customer support...
Templates and Slide Masters in PowerPoint title

Tech Tip: How to use Templates and Slide Masters in PowerPoint

This Tech Tip will show you how to use templates and Slide Masters in PowerPoint to give your presentations a professional and consistent look. I've been using PowerPoint for over 25 years and have created a lot of presentations. Previously, I would work from a...

Tech Tip: How to manage staff shifts using Teams

Welcome to a new Tuesday tech tip video where we will show you how you can manage your staff shifts from right within Microsoft Teams. The Microsoft Teams app has grown to become one of the most widely used productivity apps in the world, yet most people aren't even...

Some bosses think their people do less when working from home

Microsoft has become the leader of productivity over many decades. Can you imagine doing your day to day work without their software? So it’s no surprise the tech giant recently conducted a major new survey into productivity in the workplace – and some of the results might surprise you. Researchers surveyed 20,000 people working for […]

IT Managed Services for Financial Services

Over the last four decades, technology has significantly impacted how Financial Services operate. In the past, Financial Services businesses, such as IFAs and accountants, had to track financial data manually. Today, they can use software to automate many of these...
A person in a hoodie surrounded by green cipher text

3 Things You Must Do to Protect Against Ransomware

Ransomware is an increasingly common and devastating cyberattack that can happen to any business. The ransomware attacks that get the most media attention are those on high profile companies, but ransomware attacks on small businesses are increasing too. Many smaller...
Share This
Contact
Love Lane
Cleobury Mortimer
Shropshire DY14 8PE

01299 382 321
[email protected]
Copyright © 2023 Blisstech Solution Ltd
Registered No: 08125391 VAT No : 307 5490 05