New Attack Technique Using MSC Files and XSS Flaw

This technical report discusses a new attack technique known as 'GrimResource' that exploits specially crafted Microsoft Saved Console (MSC) files and an unpatched Windows XSS vulnerability to execute arbitrary code via the Microsoft Management Console (MMC). The report outlines how threat actors are utilizing this novel command execution method to bypass security measures and gain unauthorized access to systems. The researchers confirm that the XSS flaw remains unpatched in the latest Windows 11 version, allowing attackers to combine this vulnerability with other techniques, such as DotNetToJScript, to achieve full system takeover. The report also highlights the discovery of a malicious MSC file recently uploaded to VirusTotal, which was not flagged by any antivirus engines. Recommendations for mitigating this threat include implementing strict file handling policies, regular patch management, and user education to enhance security awareness regarding potential risks associated with unknown files.