CyberSecurity news


do son@securityonline.info //
A critical zero-day vulnerability affecting all Windows versions from 7 to 11, and Server 2008 R2 to 2022, has been discovered. This flaw allows attackers to steal NTLM credentials simply by having a user view a malicious file in Windows Explorer; opening a shared folder, inserting a USB drive, or even browsing the Downloads folder could trigger the exploit. The vulnerability, discovered by 0patch researchers, doesn't require users to open or execute the file – merely viewing it is enough to compromise credentials. This highlights the ongoing risk posed by zero-day exploits and the importance of robust security patches and awareness programs.

0patch has reported the issue to Microsoft and has released free micropatches to mitigate the risk until an official fix is available. This is the third zero-day vulnerability 0patch has identified recently, with previous issues, including a Windows Theme file vulnerability and a ‘Mark of the Web’ bypass, still awaiting official Microsoft patches. The NTLM protocol itself has several known issues that Microsoft has chosen not to address, further emphasizing the need for proactive security measures and potentially alternative authentication methods. Organizations are urged to apply the available micropatches and consider additional security precautions.



References:
  • CyberInsider: New 0-Day NTLM Hash Disclosure Vulnerability in Windows 7 to 11
  • gbhackers.com: Windows NTLM Zero-Day Vulnerability Exposes User Credentials
  • malware.news: URL File NTLM Hash Disclosure Vulnerability (0day) - and Free Micropatches for it
  • securityonline.info: SecurityOnline reports on a critical zero-day vulnerability in Windows exposing user credentials.
  • 0patch Blog: 0patch blog post on the vulnerability and its micropatches.