A new zero-day vulnerability in Windows
Author : Matt Yarranton
2 June 2022

Introduction

A new zero-day vulnerability in Windows Search has been discovered which can be exploited to automatically open a malicious search window containing remotely-hosted malware executables. The vulnerability is triggered when a user launches a Word document, and can be used to target users across all versions of Windows. Microsoft has yet to release a patch for the vulnerability, so users are advised to exercise caution when opening Word documents from untrusted sources.

What is a zero-day vulnerability and why should I care about it

A zero-day vulnerability is a security hole in software that is unknown to the vendor. These vulnerabilities are highly prized by hackers, as they can be used to exploit systems using vulnerabilities that are yet unknown and are not patched.

Zero-day vulnerabilities are a serious threat to users, as they can be used to exploit systems without the user’s knowledge. In the case of the Windows Search vulnerability, a malicious script can be embedded in a Word document which, when opened by the user, will automatically open a search window containing remote-hosted malware executables. The malware then proceeds to infect the user’s machine.

The exploit in Windows Search and how it works

Windows Search is a built-in search feature in Windows that allows users to search for files and folders on their computer. The Windows Search vulnerability discovered by security researchers can be combined with another zero-day (CVE-2022-30190) and allows attackers to exploit the feature to automatically open a malicious search window containing remotely-hosted malware executables.

The exploit is activated when a user opens a Word document containing a malicious script. When the document is opened, the script automatically runs and opens a search window containing remote-hosted malware executables.

The impact of the exploit

Windows Search is a crucial component of the Windows operating system, used by millions of users every day to find files and folders on their computers. The vulnerability can be triggered by just previewing an Office document, and can be used to target users across all versions of Windows.

The recent discovery of a zero-day vulnerability in Windows Search has raised concerns among security experts, as the exploit can be used to automatically open a malicious search window containing remotely-hosted malware executables.

Using social engineering, the attackers would entice the user to run the malware by claiming they are critical updates or something else that creates a sense of urgency. Then the malware would proceed to infect the user’s machine.

How to protect yourself from the exploit

There are a few things you can do to protect yourself from the Windows Search exploit:

  • Do not open, or even preview, Office documents from untrusted sources.
  • Make sure your antivirus software is up-to-date.
  • Do not use an admin account for day to day activity. Admin rights are needed by most malware, so removing admin rights is one of the best forms of protection.
  • Educate your users on this threat and the risks.

In Conclusion

The recent discovery of a zero-day vulnerability in Windows Search has raised concerns among security experts, as the exploit can be used to automatically open a malicious search window containing remotely-hosted malware executables.

The exploit is triggered when a user launches an Office document, and can be used to target users across all versions of Windows. Microsoft has yet to release a patch for the vulnerability, so users are advised to exercise caution when opening Office documents from untrusted sources.

By following the security measures outlined above, you can help protect yourself and your organization from this dangerous exploit.

Want to discuss your businesses cybersecurity with an expert?  Why not get in touch?

More Content

VIDEO: How to use Conditional Formatting in Excel

This Tuesday Two Minute Tech-tip shows you how to automatically add pizzaz to your spreadsheets. Using a feature called 'Conditional Formatting', you can automatically format the cells of your Excel spreadsheet based on what is in them. For example, you can emphasise...

VIDEO: How to use Windows shortcut keys

Good morning everyone and welcome to your Tuesday Two Minute Tech Tip. 👉 Tired of dragging the mouse around the screen to access the things you use all of the time? 👉 Want to hear about some handy shortcuts Windows that you never know existed? Today's tip will help...

VIDEO: How to create a table of content in Word

Happy Tuesday everyone! Today's Two Minute Tech Tip was an idea given to me by my apprentice, George Borns. When asked what would be a good idea for a Tech Tip and without hesitation, George said "What about headings and tables of content in Word?" It is a great tip...

Protecting your data – Backup and Restore

Protecting your data - Backup and Restore Backing up your business data is critical. What are the different methods of backing up your data? How can you restore lost or corrupted data? These are all important questions for any business to ask themselves. After reading...

Is Your Business Ready for Coronavirus Lockdown?

With the COVID-19 coronavirus continuing to spread in the UK, and Italy and China placing lockdowns on their towns and cities, it seems likely that the UK will follow suit if the outbreak continues apace.  Experts have stated today that the spread of the virus in the...

VIDEO: How to use Mail Merge

This Tuesday Two Minute Tech-tip shows you how to automate customised emails and letters using Mail Merge. Imagine; you need to send a letter or email to 10s, or even 100s of people with the same base content, but personalised for each recipient. You could manually...

Ransomware Attacks Grow for Small Businesses

Two organisations have recently released reports on the state of ransomware and cybersecurity incidents affecting small businesses. Datto's State of the Channel Ransomware Report Datto has recently released their "State of the Channel Ransomware Report"  for 2019...

How to spot a scam

Would you know how to recognise a scam? In the 21st century, you are highly unlikely to encounter a con artist in the street as they hide behind phones, text messages and emails.  But the motivations behind 21st-century fraudsters have not changed; they want to make...

Why the Cloud is not backup

Cloud computing has revolutionised the way businesses work.  Companies that utilise the cloud will have coped the best with COVID-19 imposed restrictions.  Whether forced to by circumstance or not, businesses are moving from the traditional server in the office to...

IT Security Still Top Concern For SMBs

A new report from Kaseya reveals that IT Security is still the top concern for small and medium-sized businesses.  The “2019 State of IT Operations for Small and Midsize Businesses” survey took input from more than 400 global respondents and reveals that 32% of...
Share This