credential leaks

Security researchers at Acros have identified a new zero-day vulnerability (CVE-2024-38030) related to Windows theme files that can lead to the potential exposure of NTLM credentials. This vulnerability affects multiple Windows platforms, including Windows 11 (version 24H2). The issue arises when a theme file specifies a network file path for certain properties, causing Windows to send authenticated network requests to remote hosts, which can result in credential leaks if a malicious theme file is used. Microsoft issued a patch for an earlier related vulnerability (CVE-2024-21320), but researchers found it insufficient for systems that had stopped receiving updates. A more comprehensive patch has been developed by researchers to address all execution paths that could lead to credential leaks, and users of the micropatch service 0patch are currently protected against this vulnerability. The micropatches are available for all supported Windows versions and some legacy versions, specifically for Windows Workstation, and not for Windows Server.