When used in synergy, two recently discovered Windows flaws allow threat actors to run malware on a target endpoint(opens in new tab), researchers have found.
The two flaws are a Windows Search zero-day, and a Microsoft Office OLEObject flaw.
Through the use of a weaponized Word document, the Search zero-day can be used to automatically open a search window with a remotely hosted malware. This was made possible due to how Windows handles a URI protocol handler called “search-ms”.