Bookworm Windows Search Service Vulnerability Still Not Patched


Security researchers have recently identified a dangerous vulnerability in the Windows Search service. It is also known as Bookworm, and while it has been reported to Microsoft, the company has not yet patched the issue.

All About The Bookworm Windows Search Service Vulnerability

The public disclosure of the Bookworm vulnerability has prompted the security community to take a closer look at the operating system component that has been found vulnerable. The reports indicate that this is a Windows Search service vulnerability that is rated as dangerous both for the infected host and the network on which it works. Following security protocols, the zero-day bug was disclosed to Microsoft in due time; however, the company has still not released a patch that fixes the issue. As this has not happened in due time, information about the bug was posted publicly.

The discovery was made after a network analysis indicated suspicious behaviour of the SearchProtocolHost.exe Windows service. The problem appears to be improper handling of URL files and hyperlinks. The generated FTP traffic seems to be made at random intervals, which raised additional interest in the output and led to the discovery of the threat.
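A defender-side triage sketch for the behaviour described above, added here and not taken from the original post or the researchers' report: it walks a folder, parses each .URL file as an Internet Shortcut and lists the location fields that use the ftp scheme. The choice of `URL` and `IconFile` as the fields to check, the example.com/example.net hosts and the sample files are assumptions constructed for illustration.

```python
import configparser
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Assumption: URL and IconFile are the [InternetShortcut] keys that can name a
# location; the article does not say which field the Search service mishandles.
LOCATION_KEYS = ("url", "iconfile")
FLAGGED_SCHEMES = {"ftp"}  # the article reports unexpected FTP traffic

def flagged_fields(path, schemes=FLAGGED_SCHEMES):
    """Return [(key, value)] for location keys in a .url file that use a flagged scheme."""
    raw = Path(path).read_bytes()
    # .url files are INI text, saved either as ANSI/UTF-8 or as UTF-16 with a BOM.
    enc = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8-sig"
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(raw.decode(enc, errors="replace"))
    return [(key, value.strip())
            for section in cp.sections()
            for key, value in cp.items(section)  # option names arrive lower-cased
            if key in LOCATION_KEYS and urlparse(value.strip()).scheme.lower() in schemes]

def scan_folder(root):
    """Walk root and return (path, key, value) for every flagged or unparsable .url file."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.suffix.lower() == ".url" and path.is_file():
            try:
                hits += [(path, k, v) for k, v in flagged_fields(path)]
            except (OSError, ValueError, configparser.Error):
                hits.append((path, "unparsable", ""))  # malformed shortcut: review by hand
    return hits

def demo():
    """Scan a temp folder of constructed sample shortcuts (not taken from the article)."""
    head = "[InternetShortcut]\r\n"
    samples = {
        "docs.url": ("ascii", head + "URL=https://example.com/\r\n"),
        "Report.URL": ("utf-16", head + "URL=ftp://files.example.net/a%20b.txt\r\n"),
        "icon.url": ("ascii", head + "URL=https://example.com/\r\nIconFile=ftp://files.example.net/i.ico\r\n"),
        "broken.url": ("ascii", "URL=ftp://no-section.example/\r\n"),
    }
    with tempfile.TemporaryDirectory() as root:
        for name, (enc, body) in samples.items():
            Path(root, name).write_bytes(body.encode(enc))
        return sorted((p.name, k) for p, k, _ in scan_folder(root))

if __name__ == "__main__":
    print(demo())
```

Files reported as `unparsable` lack a section header or are otherwise malformed and are listed so they can be inspected manually instead of being skipped silently.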

As the Windows component seems to handle .URL files in an improper way, as well as the relevant code and file attributes, the analysts have been able to pinpoint the origins of the bad behaviour. The malicious behaviour of the Bookworm Windows Search service vulnerability has been found to start once the requirements are met: a folder containing the relevant file that is launched by the user. This is possible even with removable storage devices such as USB flash drives. The malicious files allow the hackers to reveal sensitive information about the hosts. It affects the default configuration of the operating system and dates back (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Martin Beltov. Read the original post at: