Your PC is facing a double whammy of cyber threats, both of them built into basic Windows features — one that exploits Windows search and another a Wi-Fi vulnerability.
The first vulnerability allows hackers to exploit search in what researchers have called a “clever” way, as reported by Trustwave. It begins when users are tricked into downloading malware, starting with phishing emails with malicious .ZIP attachments containing HTML files disguised as invoices or something along those lines.
When you open the HTML file, it opens your browser and engages with Windows Explorer’s search feature. Windows Explorer starts looking for anything called “INVOICE,” and then the search is relabeled to “Downloads,” which tricks the user into thinking they are viewing what they “downloaded.” A batch script is involved in this attack that, when activated, wakes up more malicious operations. At the moment, the type of malware the hackers were trying to distribute is now known.
To alleviate the situation, users can try turning off search-ms/search URI protocol handlers by erasing the related registry entries. To stay safe, users can be cautious in the email with the attachment they are getting; they can do things such as verify who the sender is, confirm the legitimacy, distrust attachments with a file extension you normally wouldn’t get, and if the email urges you to take immediate action, label it as a phishing scam.
The second vulnerability is a bit more dangerous. Microsoft is busy patching a security hole in the Windows Wi-Fi driver that allows hackers to run malicious code on a PC only when it is within a public Wi-Fi range. This vulnerability affects all modern versions of Windows Server and Windows. The attacker does not need prior access to your computer to do this. The weakness is characterized in CVE-202430078 and given a maximum severity of “Important.”
What’s also concerning is that the attack can bypass every authentication protocol and doesn’t need previous access rights or any user interaction. This vulnerability reminds us of the dangers of connecting to a public Wi-Fi network and the precautions that need to be taken. The flaw is called an Improper Input Validation security vulnerability, and unfortunately, it’s on all common versions of the Windows operating system.
Users can be affected if they have an unpatched version of Windows 11 or 10 or Windows Server versions from 2008 and on. Microsoft released a fix on June 11 that tackles 49 CVEs in Windows, Office, and their components. Azure Dynamic Business Central and Visual Studio are also included. These concurrent threats underscore the importance of remaining vigilant against cyberattacks and ensuring all software and security patches on your computer are up to date.