A newly discovered zero-day vulnerability in Windows potentially exposes users across multiple Windows versions to credential theft. Discovered by 0patch researchers, this critical security flaw allows attackers to steal NTLM credentials through a deceptively simple method.
What Makes This Vulnerability Dangerous?
Widespread Impact
The vulnerability affects a wide range of Windows systems, including:
- Windows 7 and Server 2008 R2
- Windows 10 (multiple versions)
- Windows 11 (up to v24H2)
- Windows Server 2022
Exploitation Mechanism
Technical details of the vulnerability are withheld to minimize exploitation risk until Microsoft issues a fix to minimize any further risk of exploitation.
The vulnerability enables attackers to steal a user’s NTLM credentials by luring them into opening a malicious file in Windows Explorer.
Attackers can trigger the vulnerability through minimal user interaction:
- Opening a shared folder
- Accessing a USB disk
- Simply viewing a malicious file in Windows Explorer
- Accessing the Downloads folder with a strategically placed file
Issues with Unpatched Vulnerabilities
This isn’t an isolated incident. The same research team has previously identified multiple unresolved Windows vulnerabilities, including:
- Windows Theme file issue
- “Mark of the Web” vulnerability
- “EventLogCrasher” vulnerability
- Three NTLM-related vulnerabilities (PetitPotam, PrinterBug/SpoolSample, and DFSCoerce)
0patch Micropatches
0patch is offering a free micropatch for the latest NTLM zero-day to all users registered on its platform until Microsoft releases an official fix.
The security micropatch has already been automatically deployed to PRO and Enterprise accounts, except in cases where configurations explicitly block automatic updates.
Focusing on the proactive approach
While automated systems have already applied the patch to PRO and Enterprise accounts, a proactive approach to minimizing risks is to always have your servers hardened.
This proactive approach dramatically reduces the attack surface by ensuring consistent security configurations are rapidly applied across all systems, effectively shrinking the critical timeframe when servers remain exposed to newly discovered vulnerabilities like the recent NTLM zero-day exploit. Get in Touch to find out more.