Security Researchers Discover New Windows Search Protocol Vulnerability
Security researchers have discovered a new zero-day vulnerability that allows hackers to launch a Windows search window via malicious Word documents. The security flaw exists in the Windows search protocol handler (search-ms) that allows applications and links to open searches for malicious attacks.
According to Bleeping Computer, an attacker could abuse the protocol handler to create a malicious Windows Update directory. The threat actors distributed the search-ms URI via phishing emails to trick users into installing the malware. However, many modern browsers (including Microsoft Edge) show security warnings to prevent users from running harmful executable files.
Additionally, security researchers have found a new vulnerability in Microsoft Office OLEObject. Attackers can exploit this flaw to bypass the Explorer preview pane and open a search window without any user intervention. It is also possible to create Rich Text Format (RTF) documents that can automatically launch a new search window each time a preview appears in the Preview Pane.
Workaround to fix Windows Search protocol vulnerability
Microsoft has yet to confirm this new protocol vulnerability in Windows 10 and Windows 11. As a workaround, the security researcher has recommended users to delete the search-ms protocol handler from Windows Registry by following the steps mentioned below:
- First of all, type cmd in the search bar, right-click the Command Prompt option, and then choose Run as administrator from the list.
- Execute the command “reg export HKEY_CLASSES_ROOT\ms-msdt filename” in the command prompt window to create a back of the registry.
- Run the following command to remove the key from Windows Registry: reg delete HKEY_CLASSES_ROOT\search-ms /f
- Finally, close the Registry Editor and reboot your PC.
In case you missed it, Microsoft has also confirmed another zero-day flaw that lets hackers execute malicious PowerShell commands via the Microsoft Diagnostic Tool (MSDT) on Windows machines. Meanwhile, CISA has published an alert that urges IT Pros to apply temporary workaround solutions mentioned in Microsoft’s security advisory.
More in Windows 11
Microsoft to Start Notifying Windows 8.1 Users About Upcoming End of Support
Jun 24, 2022 | Rabia Noureen
Windows 11 to Add 'Legacy' Local Administrator Password Solution
Jun 23, 2022 | Rabia Noureen
Microsoft's Out-Of-Band Patch Fixes Microsoft 365 and Azure AD Sign-In Issues on ARM Devices
Jun 21, 2022 | Rabia Noureen
Microsoft is Investigating Sign-In Issues Affecting Microsoft 365 and Azure AD on ARM Devices
Jun 20, 2022 | Rabia Noureen
Microsoft to Fix Windows Bug Breaking Wi-Fi hotspots After Installing Latest Patch Tuesday Update
Jun 17, 2022 | Rabia Noureen
Microsoft Releases First ARM64 Preview of Visual Studio for Windows 11
Jun 15, 2022 | Rabia Noureen
Most popular on petri