Your PC’s security is being attacked on two new fronts

Your PC faces two threats, both tied to basic Windows features: one abuses Windows Search and the other is a Wi-Fi vulnerability.

The first allows hackers to exploit search in a “clever” way, according to researchers at Trustwave. It starts by tricking users into downloading malware: phishing emails carry malicious .ZIP attachments containing HTML files disguised as invoices or something similar.

When you open the HTML file, your browser will open and activate the Windows Explorer search function. Windows Explorer will look for anything called “INVOICE” and then the search will be renamed to “Downloads,” tricking the user into thinking they are looking at what they “downloaded.” This attack involves a batch script that, when activated, triggers further malicious operations. It is currently unknown what type of malware the hackers were attempting to distribute.

To mitigate the situation, users can try to disable the search-ms and search URI protocol handlers by deleting the corresponding registry entries. To be safe, users should be cautious about emails with attachments. For example, they can check who the sender is, confirm the message is legitimate, be suspicious of attachments with a file extension they would not normally receive, and flag the email as a phishing scam if it urges them to take immediate action.
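For mail or helpdesk triage, the lure described above can be checked for directly. The following Python sketch is an added example, not code from Trustwave or the original article: it scans the HTML members of a ZIP attachment for search-ms:/search: URIs and flags any that relabel the search window. The `query` and `displayname` parameter names are the Windows search protocol's own, not given in the article, and the sample archive and its file names are constructed.

```python
import io
import re
import zipfile
from html import unescape
from urllib.parse import parse_qs

# A search-ms: or search: URI, up to the closing quote, angle bracket or whitespace.
URI_RE = re.compile(r"""\b(search-ms|search):([^"'<>\s]+)""", re.IGNORECASE)
HTML_SUFFIXES = (".html", ".htm")


def find_search_uris(html_text):
    """Return one finding per search-ms:/search: URI found in an HTML document."""
    findings = []
    for match in URI_RE.finditer(unescape(html_text)):  # &amp; -> & before parsing
        params = parse_qs(match.group(2), keep_blank_values=True)
        query = params.get("query", [""])[0]
        label = params.get("displayname", [""])[0]
        findings.append({
            "scheme": match.group(1).lower(),
            "query": query,
            "displayname": label,
            # The window title is overridden to something other than the search term.
            "relabelled": bool(label) and label.lower() != query.lower(),
        })
    return findings


def scan_zip(zip_bytes):
    """Scan every HTML member of a ZIP attachment held in memory."""
    results = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for name in archive.namelist():
            if name.lower().endswith(HTML_SUFFIXES):
                text = archive.read(name).decode("utf-8", errors="replace")
                results += [dict(f, member=name) for f in find_search_uris(text)]
    return results


def build_sample_zip():
    """Constructed sample attachment: one HTML lure and one harmless page."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("INVOICE_0001.html",
                         '<a href="search-ms:query=INVOICE&amp;displayname=Downloads">Open</a>')
        archive.writestr("notes.html", "<p>research: nothing to see</p>")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample_zip()):
        print(finding)
```

Any hit in an emailed HTML file is worth quarantining, since legitimate invoices have no reason to launch Windows Search; the `relabelled` flag marks the “Downloads” disguise specifically.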

The second vulnerability is a little more dangerous. Microsoft is busy patching a security hole in the Windows Wi-Fi driver that allows hackers to execute malicious code on a PC only when it is within range of a public Wi-Fi network. This vulnerability affects all modern versions of Windows Server and Windows. The attacker does not need prior access to your computer to exploit it. The vulnerability is tracked as CVE-2024-30078 and is given the maximum severity level of “Important”.

What’s also worrying is that the attack can bypass any authentication protocol and does not require prior access rights or user interaction. This vulnerability is a reminder of the dangers of connecting to a public Wi-Fi network and of the precautions that must be taken. The flaw is classified as an improper input validation vulnerability and is unfortunately present in all major versions of the Windows operating system.

Users may be affected if they have an unpatched version of Windows 11 or 10, or Windows Server versions from 2008 onwards. Microsoft released a fix on June 11 that addresses 49 CVEs in Windows, Office, and their components. Azure Dynamic Business Central and Visual Studio are also included. These concurrent threats underscore the importance of staying vigilant against cyberattacks and ensuring all software and security patches on your computer are up to date.