New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials \u2013 Unofficial Patch
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
A critical vulnerability affecting all Windows operating systems from Windows 7 and Server 2008 R2 through the latest Windows 11 v24H2 and Server 2025.\u00a0<\/p>\n
This zero-day flaw enables attackers to capture users\u2019 NTLM authentication<\/a> credentials simply by having them view a malicious file in Windows Explorer.\u00a0<\/p>\n The vulnerability can be triggered when opening a shared folder, inserting a USB drive containing the malicious file, or even viewing a Downloads folder where such a file was previously downloaded from an attacker\u2019s website.<\/p>\n The newly discovered vulnerability shares similar attack scenarios with a previously patched URL file flaw (CVE-2025-21377<\/a>), though the underlying technical issue differs and has not been publicly documented before.\u00a0<\/p>\n While security researchers are withholding specific exploitation details until Microsoft releases an official patch, they confirm the vulnerability allows for credential theft through malicious file interaction.<\/p>\n Stop attacks before they start, powered by a 97% precise neural Network to Detect Cyber Attacks<\/a><\/strong><\/p>\n Although not classified as critical, this NTLM credential theft vulnerability remains dangerous, particularly in environments where attackers have already gained network access or can target public-facing servers like Exchange to relay stolen credentials.\u00a0<\/p>\n Security intelligence confirms these types of vulnerabilities have been actively exploited in real-world attacks.<\/p>\n The security team has reported this vulnerability to Microsoft according to responsible disclosure practices.\u00a0<\/p>\n While awaiting an official fix, they have developed and released<\/a> micropatches available via 0patch that will temporarily mitigate the issue. These micropatches will remain free until Microsoft implements a permanent solution.<\/p>\n This represents the fourth zero-day vulnerability<\/a> recently discovered by the same research team following:<\/p>\n Additionally, the \u201cEventLogCrasher\u201d vulnerability reported in January 2024, which allows attackers to disable Windows event logging across domain computers, remains unpatched by Microsoft.<\/p>\n The temporary security patches support a comprehensive range of Windows versions, including:<\/p>\n The micropatches have already been automatically distributed to affected systems with the 0patch Agent installed under PRO or Enterprise accounts.<\/p>\n To implement these protective measures, new users should create a free account in 0patch Central, start the available trial, and install and register the 0patch Agent.\u00a0<\/p>\n The process requires no system reboots, and patch deployment occurs automatically, providing immediate protection against this zero-day vulnerability while awaiting Microsoft\u2019s official fix.<\/p>\n The post New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials \u2013 Unofficial Patch<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nNTLM Vulnerability Exploited in Attacks<\/strong><\/h2>\n
Micropatch Availability<\/strong><\/h2>\n
\n
Legacy Windows versions:<\/strong><\/h2>\n
\n
Currently supported Windows versions:<\/strong><\/h2>\n
\n
Investigate Real-World Malicious Links & Phishing Attacks With\u00a0Threat Intelligence Lookup<\/strong>\u00a0-\u00a0Try for Free<\/a><\/code><\/strong><\/code><\/strong><\/p>\n