micropatch Archives

Winsage

January 16, 2026

Still on Windows 10? 0patch may be your best defense in the ‘End of Support era’

In early 2023, Microsoft announced that official support for Windows 10 would end in 2025, with regular updates and security patches ceasing on October 14, 2025. Users have a little over two years to transition to Windows 11 or other operating systems. Some users have enrolled in Microsoft's Extended Security Updates (ESU) program, which will also end in October 2026. A third-party service called 0patch offers ongoing protection for Windows 10 by providing micropatches for vulnerabilities. 0patch releases two to three micropatches each month, prioritizing vulnerabilities that are publicly known, actively exploited, and lack an official Microsoft fix. 0patch has a free version that provides critical zero-day patches and a paid Pro plan that includes legacy patches. The Pro plan costs €25 per year, while an Enterprise plan is available for €35 annually. 0patch plans to support Windows 10 until at least October 2030, depending on user demand. Users have reported some performance issues with 0patch, but the updates are lightweight and do not significantly affect system performance.

Winsage

December 12, 2025

New Windows RasMan zero-day flaw gets free, unofficial patches

Free unofficial patches are available for a newly identified Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service, which operates with SYSTEM-level privileges and manages VPN and remote network connections. This denial-of-service flaw was discovered by ACROS Security while investigating a previously patched privilege escalation vulnerability (CVE-2025-59230) in RasMan. The new zero-day has not yet received a CVE ID and affects all Windows versions from Windows 7 to Windows 11, including Windows Server 2008 R2 through Server 2025. The vulnerability can be exploited by unprivileged users due to a coding error in how RasMan processes circular linked lists, leading to a crash when a null pointer is encountered. ACROS Security is providing free micropatches through its 0Patch service until Microsoft releases an official fix. Users must create an account and install the 0Patch agent to apply the micropatch automatically.

Winsage

December 3, 2025

Microsoft mitigates Windows LNK flaw exploited as zero-day

Microsoft has addressed a security vulnerability in Windows tracked as CVE-2025-9491, which allows malicious actors to embed harmful commands in Windows LNK files, requiring user interaction to exploit. Threat actors often distribute these files in ZIP formats to bypass email security. In March 2025, 11 hacking groups, including Evil Corp and Kimsuky, were actively exploiting this vulnerability using various malware payloads. Although Microsoft initially did not consider the issue urgent, it later modified the handling of LNK files in November updates to allow users to view the entire character string in the Target field. However, this change does not eliminate the malicious arguments embedded in the files. ACROS Security has released an unofficial patch that restricts shortcut target strings to 260 characters and alerts users about risks associated with long target strings, covering multiple Windows versions.

Winsage

December 3, 2025

Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation

Microsoft has addressed a long-standing security vulnerability, identified as CVE-2025-9491, which has been exploited since 2017. This vulnerability involves a misinterpretation issue within Windows Shortcut (LNK) files, potentially allowing remote code execution. The flaw was highlighted in the November 2025 Patch Tuesday updates, with a CVSS score of 7.8/7.0. It allows crafted .LNK files to obscure harmful content, making it invisible to users, thus enabling attackers to execute code under the current user's context. The vulnerability was exploited by various state-sponsored groups, including those from China, Iran, North Korea, and Russia, for data theft and espionage. Microsoft initially deemed the flaw not warranting immediate attention, citing user interaction requirements and existing system warnings. Subsequent investigations revealed its exploitation by cyber espionage groups, including XDSpy and China-affiliated actors targeting European entities. The recent patch aims to ensure that the entire Target command is displayed in the Properties dialog, while 0patch provides warnings for LNK files exceeding 260 characters.

Winsage

March 26, 2025

New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials

A critical vulnerability affecting various Windows operating systems, including Windows 7, Server 2008 R2, Windows 11 v24H2, and Server 2025, allows attackers to capture NTLM authentication credentials through interactions with malicious files in Windows Explorer. Exploitation can occur when users open shared folders, insert USB drives with malicious files, or view downloaded files. The vulnerability is similar to a previously patched flaw (CVE-2025-21377) but has not been fully documented. Security researchers have developed micropatches available for free until Microsoft releases a permanent fix. These micropatches support a wide range of Windows versions, including legacy and currently supported systems. The micropatches have been automatically distributed to affected systems with the 0patch Agent installed.

Winsage

March 26, 2025

New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials

A critical vulnerability affects all Windows operating systems from Windows 7 to Windows 11 v24H2 and Server 2025, allowing attackers to capture NTLM authentication credentials through malicious files viewed in Windows Explorer. Exploitation can occur when users open shared folders, insert USB drives with malicious files, or view previously downloaded files. The vulnerability is similar to a previously patched flaw (CVE-2025-21377) but has not been publicly documented. Security researchers have developed micropatches through 0patch to temporarily mitigate the issue, which will be available at no cost until Microsoft releases a permanent solution. The micropatches support various Windows versions, including legacy and currently supported systems, and can be automatically deployed without requiring system reboots.

Winsage

March 25, 2025

New Windows zero-day leaks NTLM hashes, gets unofficial patch

A newly discovered zero-day vulnerability in Windows allows remote attackers to steal NTLM credentials by tricking users into opening malicious files in Windows Explorer. This flaw affects various Windows versions, including Windows 7 through Windows 11 and Server 2008 R2 to Server 2025. The vulnerability, identified by ACROS Security researchers, has not been assigned a CVE-ID and enables attackers to obtain NTLM credentials through methods like accessing shared folders or USB drives. While the exploit's criticality is moderate and depends on specific conditions, it has been linked to actual attacks. ACROS Security has released free micropatches for all affected Windows versions via its 0Patch service until Microsoft provides an official fix. Users can install the micropatch easily by creating an account and activating the 0patch agent, which applies the patch automatically.

Winsage

December 10, 2024

Critical Windows Zero-Day Alert: No Patch Available Yet for Users

A newly identified zero-day vulnerability in Windows allows attackers to steal NTLM credentials through methods such as opening a malicious file in Windows Explorer. This vulnerability affects multiple versions of Windows, including Windows Server 2022, Windows 11 (up to v24H2), Windows 10, Windows 7, and Server 2008 R2. The exploitation requires minimal user interaction, such as accessing shared folders or USB disks. In response, 0patch is providing a complimentary micropatch to registered users until Microsoft issues an official fix. The vulnerability is part of a larger trend of unresolved issues in Windows, and cybersecurity experts emphasize the need for enterprises to adopt robust security measures beyond automated patch management.

Winsage

December 9, 2024

Zero-day Windows NTLM hash vulnerability gets patched by third-party —credentials can be hijacked by merely viewing a malicious file in File Explorer

In June 2023, Microsoft announced the deprecation of the NTLM authentication protocol and recommended transitioning to the Windows Negotiate protocol. Security firm 0Patch discovered a new vulnerability in NTLM that allows credential hijacking by merely viewing an infected folder. Patches for Windows 11 are expected soon, but older systems like Windows 7 remain vulnerable. Windows 10 is nearing its end-of-life phase in October 2024, and users may need a paid support plan for continued coverage. 0Patch has not reported any attacks exploiting this NTLM issue in the wild, and their micropatch addresses a specific vulnerable NTLM instruction. However, this patch is unofficial, and users should consider their risk tolerance before installation.

Winsage

December 7, 2024

New Windows 7 To 11 Warning As Zero-Day With No Official Fix Strikes

A zero-day vulnerability has been discovered by researchers at Acros Security, affecting all versions of Windows from 7 to 11 and Windows Server 2008 R2 and later. This vulnerability targets the Windows NT LAN Manager and allows attackers to obtain a user's NTLM credentials by having the user view a malicious file in Windows Explorer. Currently, there is no official patch from Microsoft. The 0patch platform has released a free "micropatch" for users to protect their systems until an official fix is available.