When used in synergy, two recently discovered Windows flaws allow threat actors to run malware on a target endpoint, researchers have found.
The two flaws are a Windows Search zero-day, and a Microsoft Office OLEObject flaw.
Through the use of a weaponized Word document, the Search zero-day can be used to automatically open a search window with a remotely hosted malware. This was made possible due to how Windows handles a URI protocol handler called “search-ms”.
https://cdn.mos.cms.futurecdn.net/ybbmQ8p4Q999AkMWkW8HLm.jpg
Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.
[HEADING=1]OLEObject flaw[/HEADING]
This protocol allows apps and HTML links to launch customized searches. The problem is that Windows will warn the victim that the site is trying to open Windows Explorer, possibly alerting most of them that something’s amiss.
However, Hacker House co-founder and security researcher Matthew Hickey discovered that by pairing this flaw with the Microsoft Office OLEObject flaw, a search window can be opened simply by opening a Word document.
Long story short, a crook can land a weaponized Word document via a phishing email, and once the victim opens it, a custom Windows Search page can pop up, containing malware hosted remotely.
The share can carry any name the attacker wants, BleepingComputer has warned, including things like “Critical Updates”.
Read more
Luckily enough, there’s a way to mitigate the threat, by deleting the search-ms protocol handler from the Windows Registry. To do that, run CMD as Administrator, and then run this command: “reg delete HKEY_CLASSES_ROOT\search-ms /f”.
Abusing URI protocol handlers seems to be high fashion these days, as earlier this week, researchers found cybercrooks abusing such a flaw found in the Microsoft Windows Support Diagnostic Tool (MSDT). With the help of a weaponized Word document, the “ms-msdt” URI protocol handler can be launched which, in turn, can execute any PowerShell commands.
The flaw, dubbed “Follina”, was found being used by Chinese state-sponsored attackers, against the international Tibetan community.
[ul]
[li]These are the best firewalls right now[/li][/ul]
Via: BleepingComputer
Continue reading…
The two flaws are a Windows Search zero-day, and a Microsoft Office OLEObject flaw.
Through the use of a weaponized Word document, the Search zero-day can be used to automatically open a search window with a remotely hosted malware. This was made possible due to how Windows handles a URI protocol handler called “search-ms”.
https://cdn.mos.cms.futurecdn.net/ybbmQ8p4Q999AkMWkW8HLm.jpg
Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.
[HEADING=1]OLEObject flaw[/HEADING]
This protocol allows apps and HTML links to launch customized searches. The problem is that Windows will warn the victim that the site is trying to open Windows Explorer, possibly alerting most of them that something’s amiss.
However, Hacker House co-founder and security researcher Matthew Hickey discovered that by pairing this flaw with the Microsoft Office OLEObject flaw, a search window can be opened simply by opening a Word document.
Long story short, a crook can land a weaponized Word document via a phishing email, and once the victim opens it, a custom Windows Search page can pop up, containing malware hosted remotely.
The share can carry any name the attacker wants, BleepingComputer has warned, including things like “Critical Updates”.
Read more
This dangerous Microsoft Office zero-day is now being exploited in the wild
Watch out for this dangerous new Microsoft Word scam, Office users warned
This dangerous Windows zero-day lets you instantly become an admin
Watch out for this dangerous new Microsoft Word scam, Office users warned
This dangerous Windows zero-day lets you instantly become an admin
Abusing URI protocol handlers seems to be high fashion these days, as earlier this week, researchers found cybercrooks abusing such a flaw found in the Microsoft Windows Support Diagnostic Tool (MSDT). With the help of a weaponized Word document, the “ms-msdt” URI protocol handler can be launched which, in turn, can execute any PowerShell commands.
The flaw, dubbed “Follina”, was found being used by Chinese state-sponsored attackers, against the international Tibetan community.
[ul]
[li]These are the best firewalls right now[/li][/ul]
Via: BleepingComputer
Continue reading…