• Bleeping Computer, Thursday, June 2, 2022 1:34 PM

Microsoft Windows Search zero-day vulnerability can automatically open a search window containing remotely-hosted malware simply by launching a Word document. Matthew Hickey, Hacker House co-founder and security researcher, found a way to combine the newly discovered Microsoft Office OLEObject flaw with the search-ms protocol handler. Using this type of malicious Word document, bad actors can create elaborate phishing campaigns that automatically launch Windows Search windows on recipients' devices and trick them into launching malware.

Read the whole story at Bleeping Computer »