A novel command execution technique dubbed ‘GrimResource’ uses specially crafted MSC (Microsoft Saved Console) and an unpatched Windows XSS flaw to perform code execution via the Microsoft Management Console. […]
from https://www.bleepingcomputer.com/news/security/new-attack-uses-msc-files-and-windows-xss-flaw-to-breach-networks/