neowin[.]net/news/protocol-vulnerability-allows-launching-malicious-windows-search-by-just-opening-word-file/
This new zero-day was found when security researchers were exploring/testing the zero-day from earlier this week. This one uses a feature in Windows Search, and can be exploited with a Word or RTF document -- there may be additional, related vulnerabilities, but it's likely too soon to say. Like the earlier zero-day, the workaround to protect yourself is to delete a registry key.
In Regedit you can navigate to [HKEY_CLASSES_ROOT\search-ms], or Edit -> Find -> search-ms, exporting [saving] the key in case you want to re-enable it later when it's fixed, and then deleting the key. You can also delete the key by adding the following to a text file in Notepad, naming the file [SomeName].reg, double clicking it to merge it with the registry:
Windows Registry Editor Version 5.00
[-HKEY_CLASSES_ROOT\search-ms]
Microsoft advises the following method using the Command Prompt [Terminal will work as well]:
Users can protect their systems by doing what Microsoft recommends to mitigate the MSDT vulnerability. Removing the search-ms protocol handler from Windows Registry will help secure a system:Press Win + R, type cmd and press Ctrl + Shift + Enter to run Command Prompt as Administrator.
Type reg export HKEY_CLASSES_ROOT\search-ms search-ms.reg and press Enter to create a backup of the key.
Type reg delete HKEY_CLASSES_ROOT\search-ms /f and press Enter to remove the key from Windows Registry.