A security vulnerability was recently discovered in the Windows search protocol (Search-ms). A hacker could exploit it with a malicious Word document.
On Twitter, hackerfantastic.crypto states that they detected and reported this security issue. On compromised computers, an attacker could open a window automatically every time a new Word document is launched. This fake window displays “Important” updates and prompts the user to install them. It is actually malware.
Windows “Search-ms” vulnerability: the solution
It is possible to protect yourself. First, you should never interact with these fake links. If the Windows search window appears without explanation, just ignore it. However, the best solution is to block attacker-controlled Windows Search pages.
The process requires running a few commands.
Press Ctrl + Esc to open the Start menu and then type CMD in the search field. Click Run as administrator.
The following command saves the registry key.
reg export HKEY_CLASSES_ROOT\search-ms search-ms.reg
Then run this command to delete the registry key.
reg delete HKEY_CLASSES_ROOT\search-ms /f
Close Command Prompt and restart your computer for the changes to take effect.
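The same backup-then-delete steps with the checks an administrator would want, as an added PowerShell example that is not part of the original article: it deletes the key only if the export succeeded, confirms the handler is gone, and can re-import the backup later. The -Restore switch and the default backup path are assumptions made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: the article's two reg commands wrapped with safety checks.
param(
    [string]$Backup = "$env:USERPROFILE\search-ms.reg",  # assumed backup location
    [switch]$Restore                                      # hypothetical switch: undo the mitigation
)

$Key = 'HKEY_CLASSES_ROOT\search-ms'

function Test-SearchMsHandler {
    # reg query exits with 0 when the key exists and 1 when it does not.
    $null = & reg.exe query $Key 2>&1
    return ($LASTEXITCODE -eq 0)
}

if ($Restore) {
    if (-not (Test-Path -LiteralPath $Backup)) { throw "No backup found at $Backup" }
    $null = & reg.exe import $Backup 2>&1
    if ($LASTEXITCODE -ne 0) { throw "reg import failed with exit code $LASTEXITCODE" }
    Write-Output "search-ms handler restored from $Backup"
    return
}

if (-not (Test-SearchMsHandler)) {
    Write-Output "search-ms handler is not registered; nothing to do."
    return
}

# Step 1: save the key. /y overwrites an older backup without prompting.
$null = & reg.exe export $Key $Backup /y 2>&1
$exportCode = $LASTEXITCODE
$saved = Get-Item -LiteralPath $Backup -ErrorAction SilentlyContinue
if ($exportCode -ne 0 -or -not $saved -or $saved.Length -eq 0) {
    throw "Backup failed; the registry key was left untouched."
}

# Step 2: delete the key only after the backup is confirmed on disk.
$null = & reg.exe delete $Key /f 2>&1
if ($LASTEXITCODE -ne 0 -or (Test-SearchMsHandler)) {
    throw "Delete failed; search-ms handler is still registered."
}
Write-Output "search-ms handler removed. Backup: $Backup (re-run with -Restore to undo)."
```

Keep the exported .reg file: once a fix is installed, re-importing it brings the search-ms handler back.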
Note that this is not CVE-2022-30190, although it uses the same OLEObject vector as CVE-2021-40444 and CVE-2022-30190. Because the attack requires additional user interaction and an outgoing UNC connection, the resulting CVSS risk score is lower. The defect is not currently patched, but the mitigations work.