Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Security Researchers Discover New Windows Search Protocol Vulnerability

Security researchers have discovered a new zero-day vulnerability that allows hackers to launch a Windows search window via malicious Word documents. The security flaw exists in the Windows search protocol handler (search-ms) that allows applications and links to open searches for malicious attacks.

According to Bleeping Computer, an attacker could abuse the protocol handler to create a malicious Windows Update directory. The threat actors distributed the search-ms URI via phishing emails to trick users into installing the malware. However, many modern browsers (including Microsoft Edge) show security warnings to prevent users from running harmful executable files.

Additionally, security researchers have found a new vulnerability in Microsoft Office OLEObject. Attackers can exploit this flaw to bypass the Explorer preview pane and open a search window without any user intervention. It is also possible to create Rich Text Format (RTF) documents that can automatically launch a new search window each time a preview appears in the Preview Pane.

https://twitter.com/hackerfantastic/status/1531789430922567681

Workaround to fix Windows Search protocol vulnerability

Microsoft has yet to confirm this new protocol vulnerability in Windows 10 and Windows 11. As a workaround, the security researcher has recommended users to delete the search-ms protocol handler from Windows Registry by following the steps mentioned below:

First of all, type cmd in the search bar, right-click the Command Prompt option, and then choose Run as administrator from the list.
Execute the command “reg export HKEY_CLASSES_ROOT\ms-msdt filename” in the command prompt window to create a back of the registry.
Run the following command to remove the key from Windows Registry: reg delete HKEY_CLASSES_ROOT\search-ms /f
Finally, close the Registry Editor and reboot your PC.

In case you missed it, Microsoft has also confirmed another zero-day flaw that lets hackers execute malicious PowerShell commands via the Microsoft Diagnostic Tool (MSDT) on Windows machines. Meanwhile, CISA has published an alert that urges IT Pros to apply temporary workaround solutions mentioned in Microsoft’s security advisory.

by Rabia Noureen
Jun 2, 2022

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

What is a Roaming User Profile on Windows?

Sep 1, 2023
Oct 24, 2023
What’s New in Windows – May 2023

Jun 1, 2023
How to Enable Auto Login on Windows 10

Jun 2, 2023
Jul 19, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.