Windows Settings Shortcuts can be Abused for Code Execution

Microsoft Office has made strides in blocking common techniques that cybercriminals use to execute malicious code via email attachments and various file types, such as modified Word, Excel, and PowerPoint documents. However, an addition to Windows 10 has introduced another file type that attackers can abuse to gain unauthorized access to systems. The "SettingContent-ms" file format allows arbitrary shell commands to be executed without displaying a warning or message box to the user, and it is being actively exploited in the wild. To help protect systems, enable the Attack Surface Reduction (ASR) rules and monitor processes on endpoints. Process data should then be correlated and analyzed to identify anomalous behavior.
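
One way to carry out the process monitoring and correlation recommended above, as an added example that is not from the original advisory: it joins file-creation and process-creation records on any .SettingContent-ms path located outside the Windows directory. The field names follow Sysmon Event ID 11 and Event ID 1; the trusted location, the ExampleMail program, and every sample event are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumption: shortcuts that ship with Windows live under the Windows directory.
TRUSTED_ROOT = PureWindowsPath(r"C:\Windows")
# ':' is excluded after the drive so a match cannot span two separate paths.
PATH_RE = re.compile(r'[A-Za-z]:\\[^":<>|]*?\.settingcontent-ms', re.IGNORECASE)

def untrusted_paths(text):
    """Return lower-cased .SettingContent-ms paths outside TRUSTED_ROOT."""
    paths = (PureWindowsPath(m) for m in PATH_RE.findall(text or ""))
    return [str(p).lower() for p in paths if TRUSTED_ROOT not in p.parents]

def analyze(events):
    """Join file-create (ID 11) and process-create (ID 1) events on path.

    Events must be in time order. Each finding is a process launch that
    references an untrusted shortcut, plus the image that wrote the file.
    """
    dropped, findings = {}, []
    for ev in events:
        if ev["EventID"] == 11:
            for path in untrusted_paths(ev.get("TargetFilename")):
                dropped[path] = ev["Image"]
        elif ev["EventID"] == 1:
            for path in untrusted_paths(ev.get("CommandLine")):
                findings.append({"path": path, "process": ev["Image"],
                                 "parent": ev.get("ParentImage"),
                                 "dropped_by": dropped.get(path)})
    return findings

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Program Files\ExampleMail\mail.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\report.SettingContent-ms"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'cmd.exe /c start "" "C:\Users\alice\AppData\Local\Temp\report.SettingContent-ms"'},
    {"EventID": 1, "Image": r"C:\Windows\explorer.exe",
     "ParentImage": r"C:\Windows\System32\userinit.exe",
     "CommandLine": r"C:\Windows\explorer.exe C:\Windows\ImmersiveControlPanel\Settings\Example.SettingContent-ms"},
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding)
```

A finding whose dropped_by value is None means the file arrived before logging began or through a channel that was not recorded, so it still warrants review.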

Relevant URL(s): https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39