search-ms

Another Windows protocol vulnerability emerges; this time it is a Windows Search zero-day

Following on from the Follina security flaw, another Windows zero-day vulnerability has come to light. Dubbed SearchNightmare, the issue allows the search-ms URI protocol handler to be used to launch remotely hosted malware-ridden executables via a search window.

The protocol is normally used to perform local searches, but it can also be used to do the same with shared files on a remote host. An attacker could easily trick a victim into clicking a search-ms URI, and a method has been found to bypass the security warning that should be displayed by default.

By Sofia Elizabella Wyciślik-Wilson - June 2, 2022

search-ms

Another Windows protocol vulnerability emerges; this time it is a Windows Search zero-day

Recent Headlines

Your earbuds can now translate over 70 languages in real time with Gemini AI

Financial sector hit hard by breaches but ransomware seeks targets elsewhere

Over a third of US adults now use AI every day

Most companies aren't measuring AI's environmental impact, new report shows

Huawei's new Mate X7 foldable phone has a slimmer build, upgraded cameras and an improved hinge

One in 25 digital identity checks flagged as fraudulent

How self-governing identity infrastructure can streamline policy enforcement [Q&A]

Most Commented Stories

You can now grab a wide selection of Windows 11 themes from the Microsoft Store

Google Maps now makes it easier for iPhone users to find their cars

Ashampoo announces Burning Studio 27 with smarter ripping and better audiobook tools

Your earbuds can now translate over 70 languages in real time with Gemini AI

How agentic AI is set to redefine enterprise APIs [Q&A]

ChatGPT Atlas ranks as the least private browser in new study

Google thinks that Chrome autofill will make the holiday season easier

WhatsApp is bringing a new, softer look to chats

NEWS

UNITED KINGDOM