Windows can be hacked through the built-in system search

Information security researchers have discovered a dangerous vulnerability in one of the Windows Search components. The danger lies in the possibility of remotely opening a window containing remotely stored malware executable files.

The vulnerability lies in the handling of the “search-ms” URI protocol, which allows applications and HTML links to run custom searches on the device. Windows search is directed inside the device and finds files in the system, but with a declared vulnerability, this function can be directed to file shares located on remote hosts.

The problem can be implemented through Microsoft Office files using “search-ms”. In this case, the vulnerability allows opening a remote search window using a Word document.

Leave a Reply

Your email address will not be published.