Windows Zero-Day Exposes NTLM Credentials – Patch Now! Here is how.


A new zero-day vulnerability has been discovered in Windows, exposing NTLM credentials. This flaw allows attackers to capture NTLM credentials by simply tricking the target into viewing a malicious file in Windows Explorer. The vulnerability impacts all Windows versions from Windows 7 and Server 2008 R2 up to the latest Windows 11 24H2 and Server 2022.


Discovery and Impact

The vulnerability was discovered by the 0patch team, a platform that provides unofficial support for end-of-life Windows versions. According to 0patch, the attack works by simply viewing a specially crafted malicious file in File Explorer.

This means that opening the file isn’t required for the attack to be successful. The flaw forces an outbound NTLM connection to a remote share, causing Windows to automatically send NTLM hashes for the logged-in user. These hashes can be cracked, allowing threat actors to gain access to login names and plaintext passwords.

Unofficial Patch

Since Microsoft has not yet released an official fix, 0patch has provided a free micropatch to protect users. This micropatch is available for all affected Windows versions and can be applied without requiring a system reboot. Users can register a free account on the 0patch Central platform to receive the patch automatically.

Mitigation Strategies

For users who do not want to apply the unofficial patch, there are alternative mitigation strategies. Turning off NTLM authentication with a Group Policy under ‘Security Settings > Local Policies > Security Options’ and configuring the “Network security: Restrict NTLM” policies can help protect against this vulnerability. The same can be achieved through registry modifications, since those policies are stored as registry values.
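As an added example (not from the article or from 0patch), the following PowerShell script shows the registry route the paragraph mentions: it reads the values behind the “Network security: Restrict NTLM” policies, sets outbound NTLM to Audit or Deny, and pulls the audit events so an administrator can see which legitimate servers would be affected before blocking. It assumes an elevated session; the server exception list is an optional parameter.

```powershell
# Added example: audit, then restrict, outbound NTLM through the registry values
# that the "Network security: Restrict NTLM" Group Policies set. Run elevated.
#Requires -RunAsAdministrator
param(
    [ValidateSet('Show', 'Audit', 'Deny')] [string]$Mode = 'Show',
    [string[]]$AllowedServers = @()   # optional exceptions, e.g. an internal file server
)

$Msv = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$Lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# RestrictSendingNTLMTraffic: 0 = Allow all, 1 = Audit all, 2 = Deny all
# (policy: "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers")
$cur = Get-ItemProperty -Path $Msv -ErrorAction SilentlyContinue
$lm  = (Get-ItemProperty -Path $Lsa -Name LmCompatibilityLevel -ErrorAction SilentlyContinue).LmCompatibilityLevel
[pscustomobject]@{
    RestrictSendingNTLMTraffic = $cur.RestrictSendingNTLMTraffic   # $null = not configured (Allow all)
    ClientAllowedNTLMServers   = $cur.ClientAllowedNTLMServers
    LmCompatibilityLevel       = $lm                                # 5 = send NTLMv2 only
} | Format-List

switch ($Mode) {
    'Audit' {
        # Stage 1: log every outbound NTLM authentication without blocking it.
        Set-ItemProperty -Path $Msv -Name RestrictSendingNTLMTraffic -Value 1 -Type DWord
    }
    'Deny' {
        # Stage 2: block outbound NTLM, allowing only the explicitly listed servers.
        if ($AllowedServers.Count -gt 0) {
            Set-ItemProperty -Path $Msv -Name ClientAllowedNTLMServers -Value $AllowedServers -Type MultiString
        }
        Set-ItemProperty -Path $Msv -Name RestrictSendingNTLMTraffic -Value 2 -Type DWord
    }
}

# Audit/deny decisions land in the NTLM operational log; event ID 8001 is the outbound case.
# Reviewing these for a few days shows which servers still rely on NTLM before switching to Deny.
Get-WinEvent -LogName 'Microsoft-Windows-NTLM/Operational' -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object Id -eq 8001 |
    Select-Object TimeCreated, Id, Message
```

On a domain-joined machine a Group Policy setting for the same policy overrides these local values at the next policy refresh, so the change should be made in the GPO rather than locally there.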

Microsoft’s Response

BleepingComputer reached out to Microsoft for a comment on the flaw and its plans to address it, but no response has been received yet. Microsoft had previously announced plans to phase out the NTLM authentication protocol in Windows 11, but until then, users remain vulnerable to such attacks.

Conclusion

This zero-day vulnerability highlights the ongoing challenges of maintaining security in widely used operating systems like Windows. While unofficial patches provide a temporary solution, it is crucial for users to stay informed and apply necessary security measures to protect their systems. The collaboration between security researchers and platforms like 0patch plays a vital role in mitigating risks until official fixes are released.
