Microsoft Windows Search zero-day vulnerability can automatically open a search window containing remotely-hosted malware simply by launching a Word document. Matthew
Hickey, Hacker House co-founder and security researcher, found a way to combine the newly discovered Microsoft Office OLEObject flaw with the search-ms protocol handler. Using this
type of malicious Word document, bad actors can create elaborate phishing campaigns that automatically launch Windows Search windows on recipients' devices and trick them into launching malware.
Read the whole story at Bleeping Computer »