shared folder Archives

Winsage

March 26, 2025

New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials

A critical vulnerability affecting various Windows operating systems, including Windows 7, Server 2008 R2, Windows 11 v24H2, and Server 2025, allows attackers to capture NTLM authentication credentials through interactions with malicious files in Windows Explorer. Exploitation can occur when users open shared folders, insert USB drives with malicious files, or view downloaded files. The vulnerability is similar to a previously patched flaw (CVE-2025-21377) but has not been fully documented. Security researchers have developed micropatches available for free until Microsoft releases a permanent fix. These micropatches support a wide range of Windows versions, including legacy and currently supported systems. The micropatches have been automatically distributed to affected systems with the 0patch Agent installed.

Winsage

March 26, 2025

New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials

A critical vulnerability affects all Windows operating systems from Windows 7 to Windows 11 v24H2 and Server 2025, allowing attackers to capture NTLM authentication credentials through malicious files viewed in Windows Explorer. Exploitation can occur when users open shared folders, insert USB drives with malicious files, or view previously downloaded files. The vulnerability is similar to a previously patched flaw (CVE-2025-21377) but has not been publicly documented. Security researchers have developed micropatches through 0patch to temporarily mitigate the issue, which will be available at no cost until Microsoft releases a permanent solution. The micropatches support various Windows versions, including legacy and currently supported systems, and can be automatically deployed without requiring system reboots.

Winsage

March 26, 2025

0patch releases yet another free fix for yet another 0day vulnerability in Windows that Microsoft has not addressed

0patch has released micropatches for a critical SCF File NTLM hash disclosure vulnerability affecting all Windows versions from Windows 7 to Windows 11 and Windows Server editions from 2008 to 2025. This vulnerability allows attackers to obtain users' NTLM credentials by having them view a malicious file in Windows Explorer. 0patch operates on a subscription model and provides security fixes for unsupported Windows versions, as well as complimentary patches for unaddressed vulnerabilities. Specific details about the vulnerability are currently withheld, pending an official fix from Microsoft.

Winsage

March 26, 2025

Windows 11 update breaks Veeam recovery, causes connection errors

Microsoft and Veeam are addressing connection errors affecting users of Windows 11 24H2 systems, particularly those restoring data with Veeam Recovery Media on builds 26100.3194 and higher. The errors occur when attempting to restore files from a Veeam Backup & Replication server or SMB network share, with messages indicating network connection failures and issues with the Local Security Authority. Veeam suggests using Recovery Media from older Windows 11 builds (26100.3037 or lower) as a temporary solution. Veeam clarified that they cannot provide pre-generated Recovery Media images due to proprietary components. Over 550,000 customers use Veeam products, including 82% of Fortune 500 companies. In February, Microsoft also addressed issues related to the KB5051987 update that affected Outlook functionalities on Windows 24H2 systems.

Winsage

March 25, 2025

New Windows zero-day leaks NTLM hashes, gets unofficial patch

A newly discovered zero-day vulnerability in Windows allows remote attackers to steal NTLM credentials by tricking users into opening malicious files in Windows Explorer. This flaw affects various Windows versions, including Windows 7 through Windows 11 and Server 2008 R2 to Server 2025. The vulnerability, identified by ACROS Security researchers, has not been assigned a CVE-ID and enables attackers to obtain NTLM credentials through methods like accessing shared folders or USB drives. While the exploit's criticality is moderate and depends on specific conditions, it has been linked to actual attacks. ACROS Security has released free micropatches for all affected Windows versions via its 0Patch service until Microsoft provides an official fix. Users can install the micropatch easily by creating an account and activating the 0patch agent, which applies the patch automatically.

Winsage

March 19, 2025

Microsoft Windows File Explorer Vulnerability Let Attackers Perform Network Spoofing

A vulnerability identified as CVE-2025-24071 has been discovered in Windows File Explorer, allowing attackers to extract NTLM hashed passwords with minimal user interaction. This high-severity flaw, termed “NTLM Hash Leak via RAR/ZIP Extraction,” exploits Windows Explorer’s automatic file processing when a specially crafted .library-ms file is extracted from a compressed archive. The file contains a malicious SMB path that triggers an NTLM authentication handshake, leaking the victim’s NTLMv2 hash. Microsoft addressed this issue in its March 2025 updates. A proof-of-concept exploit was published by researcher 0x6rss, and evidence suggests the vulnerability may have been exploited in the wild prior to its disclosure. Users are advised to apply security updates and implement protections against NTLM relay attacks.

Winsage

December 10, 2024

Microsoft NTLM Zero-Day to Remain Unpatched Until April

Microsoft has issued new guidance to help organizations defend against NTLM relay attacks following the discovery of a zero-day vulnerability affecting all versions of Windows Workstation and Server, from Windows 7 to Windows 11. This vulnerability allows attackers to capture NTLM credentials by tricking users into opening a malicious file. Microsoft has classified the vulnerability as having moderate severity and expects a fix to be rolled out in April. This is the second NTLM credential leak zero-day reported to Microsoft by ACROS Security since October. Microsoft has updated its guidance on enabling Extended Protection for Authentication (EPA) by default on LDAP, AD CS, and Exchange Server to mitigate NTLM-related vulnerabilities.

Winsage

December 10, 2024

Critical Windows Zero-Day Alert: No Patch Available Yet for Users

A newly identified zero-day vulnerability in Windows allows attackers to steal NTLM credentials through methods such as opening a malicious file in Windows Explorer. This vulnerability affects multiple versions of Windows, including Windows Server 2022, Windows 11 (up to v24H2), Windows 10, Windows 7, and Server 2008 R2. The exploitation requires minimal user interaction, such as accessing shared folders or USB disks. In response, 0patch is providing a complimentary micropatch to registered users until Microsoft issues an official fix. The vulnerability is part of a larger trend of unresolved issues in Windows, and cybersecurity experts emphasize the need for enterprises to adopt robust security measures beyond automated patch management.

Winsage

December 7, 2024

New Windows 7 To 11 Warning As Zero-Day With No Official Fix Strikes

A zero-day vulnerability has been discovered by researchers at Acros Security, affecting all versions of Windows from 7 to 11 and Windows Server 2008 R2 and later. This vulnerability targets the Windows NT LAN Manager and allows attackers to obtain a user's NTLM credentials by having the user view a malicious file in Windows Explorer. Currently, there is no official patch from Microsoft. The 0patch platform has released a free "micropatch" for users to protect their systems until an official fix is available.

Winsage

December 7, 2024

All Windows 11, 10, Server versions affected by a new zero day, unofficial patch out

Windows 11's latest feature update, version 24H2, is being extended to more systems. A new zero-day vulnerability discovered by cybersecurity firm 0patch affects all Windows clients, including Windows 11 version 24H2 and various server editions, allowing attackers to steal NTLM credentials by having users view a malicious file in Windows Explorer. The vulnerability impacts all Windows Workstation and Server versions from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2022. Windows Server 2025 is currently undergoing compatibility testing and is not yet affected. Microsoft is phasing out NTLM and encourages users to transition to more secure alternatives. Users can obtain a patch for the vulnerability by registering for a free account at 0patch Central.