micropatch Archives

Winsage

December 10, 2024

Critical Windows Zero-Day Alert: No Patch Available Yet for Users

A newly identified zero-day vulnerability in Windows allows attackers to steal NTLM credentials through methods such as opening a malicious file in Windows Explorer. This vulnerability affects multiple versions of Windows, including Windows Server 2022, Windows 11 (up to v24H2), Windows 10, Windows 7, and Server 2008 R2. The exploitation requires minimal user interaction, such as accessing shared folders or USB disks. In response, 0patch is providing a complimentary micropatch to registered users until Microsoft issues an official fix. The vulnerability is part of a larger trend of unresolved issues in Windows, and cybersecurity experts emphasize the need for enterprises to adopt robust security measures beyond automated patch management.

Winsage

December 9, 2024

Zero-day Windows NTLM hash vulnerability gets patched by third-party —credentials can be hijacked by merely viewing a malicious file in File Explorer

In June 2023, Microsoft announced the deprecation of the NTLM authentication protocol and recommended transitioning to the Windows Negotiate protocol. Security firm 0Patch discovered a new vulnerability in NTLM that allows credential hijacking by merely viewing an infected folder. Patches for Windows 11 are expected soon, but older systems like Windows 7 remain vulnerable. Windows 10 is nearing its end-of-life phase in October 2024, and users may need a paid support plan for continued coverage. 0Patch has not reported any attacks exploiting this NTLM issue in the wild, and their micropatch addresses a specific vulnerable NTLM instruction. However, this patch is unofficial, and users should consider their risk tolerance before installation.

Winsage

December 7, 2024

New Windows 7 To 11 Warning As Zero-Day With No Official Fix Strikes

A zero-day vulnerability has been discovered by researchers at Acros Security, affecting all versions of Windows from 7 to 11 and Windows Server 2008 R2 and later. This vulnerability targets the Windows NT LAN Manager and allows attackers to obtain a user's NTLM credentials by having the user view a malicious file in Windows Explorer. Currently, there is no official patch from Microsoft. The 0patch platform has released a free "micropatch" for users to protect their systems until an official fix is available.

Winsage

December 7, 2024

Micropatchers share fix for NTLM hash leak flaw in Windows

Acros Security has identified an unpatched NTLM vulnerability in Microsoft Windows, affecting versions from Windows 7 to Windows 11 v24H2, which risks credential theft. The vulnerability can be exploited through Windows Explorer when users view a malicious file, exposing their NTLM hash to remote attackers. Acros plans to release a micropatch to mitigate the risk and has contacted Microsoft regarding the issue. Historically, Acros has reported several zero-day vulnerabilities to Microsoft. The micropatching industry aims to provide more permanent solutions to security flaws, though it may introduce complications. As Windows 10 approaches retirement, IT managers may increasingly consider micropatching for system protection. Mainstream support for Windows 7 ended in 2015, with extended support concluding in 2020.

Winsage

December 6, 2024

New Windows zero-day exposes NTLM credentials, gets unofficial patch

A newly discovered zero-day vulnerability allows attackers to capture NTLM credentials from Windows users by simply viewing a malicious file in File Explorer. This flaw affects multiple Windows versions, including Windows 7, Server 2008 R2, and Windows 11 24H2, and has been reported to Microsoft, but no official fix has been issued. The exploit triggers an outbound NTLM connection to a remote share, leading to the automatic transmission of NTLM hashes associated with the logged-in user, which can be intercepted and cracked for unauthorized access. 0patch has previously reported two other unresolved vulnerabilities to Microsoft and will offer a micropatch for this issue free of charge until an official fix is provided. Users can also disable NTLM authentication as an alternative solution.

Winsage

December 6, 2024

0patch uncovers a security vulnerability in all versions of Windows — and releases free fixes

0patch has disclosed a 0day vulnerability affecting all desktop versions of Windows, including Windows Server, identified as a URL File NTLM Hash Disclosure vulnerability. This flaw impacts 21 different editions of the operating system, spanning from Windows 7 and Server 2008 R2 to Windows 11 v24H2 and Server 2022. The vulnerability allows an attacker to extract a user's NTLM credentials by having the user open a malicious file in Windows Explorer. 0patch has reported the issue to Microsoft, which has not yet provided a remedy, and has released free micropatches for all affected versions. Users can obtain the micropatch by creating a complimentary account in 0patch Central. The affected Windows editions include both legacy versions and those still receiving updates.

Winsage

December 2, 2024

Windows Server 2012 0-day Vulnerability Let Attackers Bypass Security Checks

A significant security vulnerability has been identified in Windows Server 2012 and Server 2012 R2, allowing attackers to bypass security measures enforced by the Mark of the Web (MotW) feature. This zero-day flaw has existed for over two years and affects certain file types, posing a risk even to fully updated systems and those with Extended Security Updates. The vulnerability was discovered by 0patch security researchers and reported to Microsoft, which has developed free micropatches to mitigate the issue until an official fix is released. The affected systems include Windows Server 2012 and 2012 R2, both updated to October 2023, and those with Extended Security Updates. Free micropatches are available for immediate protection on systems with the 0patch Agent. Security experts recommend applying the micropatches, monitoring for official updates from Microsoft, considering upgrades to supported server versions, and implementing additional security measures.

Winsage

October 31, 2024

New Microsoft Password Hack Uses Windows Themes 0-Day

Researchers from 0patch discovered a new zero-day vulnerability, CVE-2024-38030, while developing a micropatch for an existing Windows security flaw, CVE-2024-21320, which allowed attackers to extract NT Lan Manager user credentials through malicious Windows theme files. Microsoft’s patch for CVE-2024-21320 did not fully address all potential credential leakage scenarios, prompting the identification of the new vulnerability. 0patch created a more general patch for Windows theme files that covers all execution paths leading to credential leakage. Microsoft has acknowledged the new vulnerability and is working on a fix, but an official patch has not yet been released. Meanwhile, 0patch users can install a micropatch to protect their systems.

Winsage

October 31, 2024

New Windows Theme Zero-Day Vulnerability Let Attackers Steal Credentials

Security researchers at Acros have identified a new zero-day vulnerability (CVE-2024-38030) related to Windows theme files that can lead to the potential exposure of NTLM credentials. This vulnerability affects multiple Windows platforms, including Windows 11 (version 24H2). The issue arises when a theme file specifies a network file path for certain properties, causing Windows to send authenticated network requests to remote hosts, which can result in credential leaks if a malicious theme file is used. Microsoft issued a patch for an earlier related vulnerability (CVE-2024-21320), but researchers found it insufficient for systems that had stopped receiving updates. A more comprehensive patch has been developed by researchers to address all execution paths that could lead to credential leaks, and users of the micropatch service 0patch are currently protected against this vulnerability. The micropatches are available for all supported Windows versions and some legacy versions, specifically for Windows Workstation, and not for Windows Server.

Winsage

October 31, 2024

Windows Themes 0-day opens door to NTLM credential theft

A new zero-day vulnerability has been identified that targets Windows Themes, allowing attackers to steal NTLM credentials. Acros Security has released a complimentary micropatch to address this issue. The vulnerability, identified as CVE-2024-38030, allows exploitation through a malicious theme file that tricks users into transmitting their NTLM credentials. This flaw affects all fully updated Windows versions, including Windows 11 24H2. Acros Security has reported the vulnerability to Microsoft and has created micropatches for both legacy and currently supported Windows versions. User interaction is required for the exploit to be successful, such as downloading the malicious theme file from an email or website. Users are advised to apply the micropatches promptly to improve their security.