PoC Code Published for Windows Zero-Day Vulnerability

Security researcher John Page published proof-of-concept (PoC) code for an unpatched vulnerability in Windows. The vulnerability lies in the way Windows handles contact information files, called vCard files (VCFs). A threat actor can craft a VCF containing a link that appears nonthreatening but, when clicked, can execute malicious code. While remote code execution is possible, the vulnerability itself is not remotely exploitable because user interaction is required. A second malicious file that the link points to must also be present on the victim’s computer. Windows expects to release a patch to address this vulnerability in April. In the meantime, the NJCCIC recommends users avoid clicking on any unsolicited or suspicious links or files. More details on the vulnerability can be found on ZDNet and John Page’s website.
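Until a patch is available, VCF attachments can be screened before they reach users. The following is an added example, not code from the advisory or from the researcher's PoC: it flags vCard links that do not point to a web address, on the assumption that the link is stored in the vCard `URL` property and that a link reaching a file on the local computer does not start with `http://` or `https://`. The function names and the sample contact are constructed for illustration.

```python
import re

# Assumption for this example: only these prefixes count as ordinary web links.
WEB_SCHEMES = ("http://", "https://")


def unfold(text):
    """Join folded vCard lines: a continuation line starts with a space or tab."""
    return re.sub(r"\r?\n[ \t]", "", text)


def suspicious_links(vcf_text):
    """Return (property, value) pairs for URL properties that are not web links."""
    findings = []
    for line in unfold(vcf_text).splitlines():
        name, sep, value = line.partition(":")
        if not sep:
            continue
        # Drop parameters (";type=pref") and any group prefix ("item1.").
        prop = name.split(";", 1)[0].rsplit(".", 1)[-1].upper()
        if prop != "URL":
            continue
        value = value.strip()
        if value and not value.lower().startswith(WEB_SCHEMES):
            findings.append((name, value))
    return findings


# Constructed sample contact: one ordinary web link and one folded link
# whose target is a path rather than a web address.
SAMPLE_VCF = (
    "BEGIN:VCARD\r\n"
    "VERSION:2.1\r\n"
    "FN:Constructed Contact\r\n"
    "URL;WORK:https://www.example.com/\r\n"
    "item1.URL;type=pref:local-folder\\place\r\n"
    " holder.bin\r\n"
    "EMAIL:contact@example.com\r\n"
    "END:VCARD\r\n"
)

if __name__ == "__main__":
    for prop, value in suspicious_links(SAMPLE_VCF):
        print(f"review before opening: {prop} -> {value}")
```

A hit means the contact file should be held for review, not that it is malicious; legitimate vCards occasionally carry links without a scheme.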
