This update explores newly identified protocol handlers in Windows 11 version 25H2, building upon previous research from 2018 and 2022. The author, in collaboration with @Radkeyboard7984, compares current protocol listings against older versions to identify significant changes in the operating system's URI-based attack surface.
The findings highlight a variety of new schemes including ms-recall, ms-clipchamp, and ms-windowsbackup. Tracking these protocols is essential for security analysts, as custom URI schemes are often targeted for exploitation, providing vectors for lateral movement or unauthorized application execution.
Top comments (0)