micropatches Archives

Winsage

February 20, 2025

Can’t quit Windows 10? You can pay Microsoft for updates after October, or try these alternatives

An ESU subscription allows customers to receive updates automatically through Windows Update, with updates also available for individual download via the Microsoft Update Catalog. Customers can set reminders to check for updates after their release, typically on the second Tuesday of each month. For a more streamlined approach, the third-party service 0patch offers critical security patches for Windows 10 for at least five years after the end-of-support date, costing between and per PC annually. 0patch provides "micropatches" for vulnerabilities discovered after October 14, 2025, which are small and applied to running processes without altering Microsoft's original files. Unauthorized alternatives, like PowerShell activation scripts from the Massgrave hacking collective, allow users to bypass Microsoft's licensing agreements for a free three-year ESU subscription, but using these scripts is illegal and poses significant risks to businesses.

Winsage

December 10, 2024

Microsoft NTLM Zero-Day to Remain Unpatched Until April

Microsoft has issued new guidance to help organizations defend against NTLM relay attacks following the discovery of a zero-day vulnerability affecting all versions of Windows Workstation and Server, from Windows 7 to Windows 11. This vulnerability allows attackers to capture NTLM credentials by tricking users into opening a malicious file. Microsoft has classified the vulnerability as having moderate severity and expects a fix to be rolled out in April. This is the second NTLM credential leak zero-day reported to Microsoft by ACROS Security since October. Microsoft has updated its guidance on enabling Extended Protection for Authentication (EPA) by default on LDAP, AD CS, and Exchange Server to mitigate NTLM-related vulnerabilities.

Winsage

December 10, 2024

Critical Windows Zero-Day Alert: No Patch Available Yet for Users

A newly identified zero-day vulnerability in Windows allows attackers to steal NTLM credentials through methods such as opening a malicious file in Windows Explorer. This vulnerability affects multiple versions of Windows, including Windows Server 2022, Windows 11 (up to v24H2), Windows 10, Windows 7, and Server 2008 R2. The exploitation requires minimal user interaction, such as accessing shared folders or USB disks. In response, 0patch is providing a complimentary micropatch to registered users until Microsoft issues an official fix. The vulnerability is part of a larger trend of unresolved issues in Windows, and cybersecurity experts emphasize the need for enterprises to adopt robust security measures beyond automated patch management.

Winsage

December 7, 2024

Micropatchers share fix for NTLM hash leak flaw in Windows

Acros Security has identified an unpatched NTLM vulnerability in Microsoft Windows, affecting versions from Windows 7 to Windows 11 v24H2, which risks credential theft. The vulnerability can be exploited through Windows Explorer when users view a malicious file, exposing their NTLM hash to remote attackers. Acros plans to release a micropatch to mitigate the risk and has contacted Microsoft regarding the issue. Historically, Acros has reported several zero-day vulnerabilities to Microsoft. The micropatching industry aims to provide more permanent solutions to security flaws, though it may introduce complications. As Windows 10 approaches retirement, IT managers may increasingly consider micropatching for system protection. Mainstream support for Windows 7 ended in 2015, with extended support concluding in 2020.

Winsage

December 6, 2024

New Windows zero-day exposes NTLM credentials, gets unofficial patch

A newly discovered zero-day vulnerability allows attackers to capture NTLM credentials from Windows users by simply viewing a malicious file in File Explorer. This flaw affects multiple Windows versions, including Windows 7, Server 2008 R2, and Windows 11 24H2, and has been reported to Microsoft, but no official fix has been issued. The exploit triggers an outbound NTLM connection to a remote share, leading to the automatic transmission of NTLM hashes associated with the logged-in user, which can be intercepted and cracked for unauthorized access. 0patch has previously reported two other unresolved vulnerabilities to Microsoft and will offer a micropatch for this issue free of charge until an official fix is provided. Users can also disable NTLM authentication as an alternative solution.

Winsage

December 6, 2024

0patch uncovers a security vulnerability in all versions of Windows — and releases free fixes

0patch has disclosed a 0day vulnerability affecting all desktop versions of Windows, including Windows Server, identified as a URL File NTLM Hash Disclosure vulnerability. This flaw impacts 21 different editions of the operating system, spanning from Windows 7 and Server 2008 R2 to Windows 11 v24H2 and Server 2022. The vulnerability allows an attacker to extract a user's NTLM credentials by having the user open a malicious file in Windows Explorer. 0patch has reported the issue to Microsoft, which has not yet provided a remedy, and has released free micropatches for all affected versions. Users can obtain the micropatch by creating a complimentary account in 0patch Central. The affected Windows editions include both legacy versions and those still receiving updates.

Winsage

December 6, 2024

Critical Windows Zero-Day Vulnerability Lets Attackers Steal Users NTLM Credentials

A significant vulnerability has been discovered that affects all versions of Windows Workstation and Server, from Windows 7 and Server 2008 R2 to Windows 11 (v24H2) and Server 2022. This flaw allows attackers to extract NTLM credentials by tricking users into opening a malicious file in Windows Explorer. The vulnerability can be exploited through shared folders, USB drives, or downloaded files. Researchers have released micropatches for affected systems, including Windows 7, Windows 10 (versions 1803 to 21H2), and fully updated versions of Windows 10 and 11, as well as various Server editions. These micropatches are available at no cost and can be applied without rebooting the system. Organizations can protect themselves by installing these micropatches through the 0patch Agent, which will continue to provide updates for unsupported Windows versions even after Microsoft's end-of-support dates.

Winsage

December 2, 2024

Windows Server 2012 0-day Vulnerability Let Attackers Bypass Security Checks

A significant security vulnerability has been identified in Windows Server 2012 and Server 2012 R2, allowing attackers to bypass security measures enforced by the Mark of the Web (MotW) feature. This zero-day flaw has existed for over two years and affects certain file types, posing a risk even to fully updated systems and those with Extended Security Updates. The vulnerability was discovered by 0patch security researchers and reported to Microsoft, which has developed free micropatches to mitigate the issue until an official fix is released. The affected systems include Windows Server 2012 and 2012 R2, both updated to October 2023, and those with Extended Security Updates. Free micropatches are available for immediate protection on systems with the 0patch Agent. Security experts recommend applying the micropatches, monitoring for official updates from Microsoft, considering upgrades to supported server versions, and implementing additional security measures.