

Ethical Hacking News

New Windows Zero-Day Vulnerability Exposed: NTLM Hash Disclosure Threatens Network Security



A new zero-day vulnerability in Windows has been disclosed, allowing remote attackers to steal sensitive NTLM hashes by tricking targets into viewing malicious files in Windows Explorer. ACROS Security is offering free and unofficial security patches through its 0patch micropatching service until Microsoft releases official fixes.

  • A new zero-day vulnerability has been discovered in Microsoft's Windows operating system, allowing remote attackers to steal sensitive NTLM hashes.
  • The vulnerability can be exploited by tricking targets into viewing malicious files in Windows Explorer, potentially leading to NTLM credential theft.
  • The issue affects various versions of Windows, including Windows 7 and the latest Windows 11 releases, as well as Server 2008 R2 and Server 2025.
  • ACROS Security is offering free and unofficial security patches through its 0patch micropatching service to mitigate the risk.



    Microsoft has recently revealed a new zero-day vulnerability in its Windows operating system that allows remote attackers to steal sensitive NTLM hashes by tricking targets into viewing malicious files in Windows Explorer. The disclosure poses a significant threat to network security, particularly for organizations that rely on NTLM authentication.

    The vulnerability was discovered by ACROS Security researchers while developing patches for another NTLM hash disclosure issue. According to Mitja Kolsek, CEO of ACROS Security, the new zero-day vulnerability allows an attacker to obtain a user's NTLM credentials by having the user view a malicious file in Windows Explorer, for example by opening a shared folder or USB disk containing such a file, or by viewing the Downloads folder where such a file was previously automatically downloaded from the attacker's web page. The attack relies on the fact that when a user views the malicious file, their system temporarily stores a copy of the hash in memory, which can be captured and reused by an attacker to authenticate as the compromised user.

    This vulnerability is particularly concerning due to its wide applicability across various versions of Windows, including Windows 7 and the latest Windows 11 releases, as well as Server 2008 R2 and Server 2025. Furthermore, NTLM has been widely exploited in recent years for malicious activities such as NTLM relay attacks and pass-the-hash attacks.

    Given the severity of this vulnerability and its potential impact on network security, ACROS Security is offering free and unofficial security patches through its 0patch micropatching service. These patches are available for all affected Windows versions until Microsoft releases official fixes. Users can install these micropatches by creating an account, installing the 0patch agent, and running it to apply the patch automatically without requiring a system restart.

    Interestingly, this is not the first time that ACROS Security has identified NTLM-related vulnerabilities. The company has previously discovered several other NTLM hash disclosure flaws, including PetitPotam, PrinterBug/SpoolSample, and DFSCoerce, which have yet to receive official patches from Microsoft.

    Microsoft's response to this vulnerability remains unclear at the time of writing, as the company has not provided a statement regarding the issue. However, it is essential for users to take proactive measures to protect themselves against this potential threat.

    In light of this new zero-day vulnerability, organizations must reassess their reliance on NTLM authentication protocols and explore alternative security measures to mitigate potential attacks. By taking immediate action to patch vulnerable systems with the latest available software updates or using micropatches like those offered by 0patch, users can significantly reduce the risk of falling prey to these malicious activities.
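One way to start reassessing NTLM reliance is to inventory where workstations still send NTLM. The following is an added example, not code from the article or from ACROS Security: it summarizes outgoing-NTLM audit events (Event ID 8001 in the Microsoft-Windows-NTLM/Operational log, written when outgoing NTLM auditing is enabled) that have been exported as XML. The trusted suffix `.corp.example` and all sample events are constructed assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
TRUSTED_SUFFIXES = (".corp.example",)  # assumption: your internal DNS suffixes

def _event(target, process):
    """Build one constructed audit event (ID 8001) for the sample below."""
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        "<System><EventID>8001</EventID></System><EventData>"
        f'<Data Name="TargetName">{target}</Data>'
        f'<Data Name="ProcessName">{process}</Data>'
        "</EventData></Event>"
    )

# Constructed sample export: hosts, address and process paths are made up.
SAMPLE = "<Events>" + "".join([
    _event("cifs/files01.corp.example", r"C:\Windows\explorer.exe"),
    _event("cifs/files01.corp.example", r"C:\Windows\explorer.exe"),
    _event("cifs/203.0.113.7", r"C:\Windows\explorer.exe"),
    _event("HTTP/intranet.corp.example", r"C:\Program Files\App\app.exe"),
]) + "</Events>"

def host_of(target_name):
    """Drop the service class ('cifs/', 'HTTP/') from the audited target name."""
    return target_name.split("/", 1)[-1].lower()

def is_trusted(host):
    """A host is trusted only if it is a DNS name under a trusted suffix."""
    try:
        ipaddress.ip_address(host)
        return False  # literal IP address: never matches a suffix, so review it
    except ValueError:
        return host.endswith(TRUSTED_SUFFIXES)

def summarize(xml_text):
    """Count outgoing NTLM attempts per (host, process); list untrusted hosts."""
    counts = Counter()
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "8001":
            continue
        data = {d.get("Name"): d.text or "" for d in ev.iterfind("e:EventData/e:Data", NS)}
        key = (host_of(data.get("TargetName", "")), data.get("ProcessName", ""))
        counts[key] += 1
    untrusted = sorted({host for host, _ in counts if not is_trusted(host)})
    return counts, untrusted
```

Hosts returned in `untrusted` are candidates for blocking outgoing NTLM, while the per-process counts show which internal services still need NTLM before it can be restricted.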

    In conclusion, this new zero-day vulnerability highlights the urgent need for organizations and individuals to prioritize their cybersecurity posture in an increasingly hostile threat landscape. By staying informed about emerging vulnerabilities and taking proactive steps to address them, we can work together to safeguard our digital environments against malicious threats like NTLM hash disclosure attacks.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/New-Windows-Zero-Day-Vulnerability-Exposed-NTLM-Hash-Disclosure-Threatens-Network-Security-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/new-windows-zero-day-leaks-ntlm-hashes-gets-unofficial-patch/


  • Published: Tue Mar 25 14:22:10 2025 by llama3.2 3B Q4_K_M












