Skip to content
Windows Search zero-day added to Microsoft protocol issues.

Windows Search zero-day added to Microsoft protocol issues.

We have another Windows Search zero-day vulnerability being reported that can be used to automatically open a search window containing remote executables, simply by launching a Word document. Hackers can use the Microsoft Office OLEObject flaw with the search-ms protocol handler to open a remote search window simply by opening a Word document.

Hackers were exploiting the new Windows zero-day vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT). To exploit it, they created a malicious Word document that launched the ms-msdt URI protocol handler to execute PowerShell commands simply by opening the document.

These flaws makes it possible to modify Microsoft Office documents, by skipping over the Protected View and launching URI protocol handlers without interaction by users. Below are some of the latest patching related articles that help explain why keeping Windows patched up is critical to keeping users safe from harm.

Microsoft fixes new NTLM relay zero-day in all Windows versions

Microsoft May 2022 Patch Tuesday fixes 3 zero-days, 75 flaws

Windows 'RemotePotato0' zero-day gets an unofficial patch

Microsoft April 2022 Patch Tuesday fixes 119 flaws, 2 zero-days

Lets talk about how Patch Remedy can assist is making sure your users are safe.

Simply put, Patch Remedy for Automate can help keep your Windows agents patched up. Patch Remedy has been helping MSPs using LabTech or ConnectWise Automate for more than 5 years to control and improve their patching deliver services. Click on the image below to see how Patch Remedy can help you.

Patch Remedy for Automate


Older Post
Newer Post
Close (esc)


Use this popup to embed a mailing list sign up form. Alternatively use it as a simple call to action with a link to a product or a page.

Set your hostname screen

Is your Automate Hostname Filled Out?

Before purchasing any subscriptions you should verify your account settings for your Automate hostname. The hostname is used to validate licenses and without it you will show expired after purchase.


Shopping Cart

Your cart is currently empty.
Shop now