image credit: Pixabay

A new Windows Search zero-day is giving Microsoft another security headache

June 2, 2022

Via: Techradar

When used in synergy, two recently discovered Windows flaws allow threat actors to run malware on a target endpoint(opens in new tab), researchers have found.

The two flaws are a Windows Search zero-day, and a Microsoft Office OLEObject flaw.

Through the use of a weaponized Word document, the Search zero-day can be used to automatically open a search window with a remotely hosted malware. This was made possible due to how Windows handles a URI protocol handler called “search-ms”.

Read More on Techradar