Windows theme files

Winsage
October 31, 2024
Researchers from 0patch discovered a new zero-day vulnerability, CVE-2024-38030, while developing a micropatch for an existing Windows security flaw, CVE-2024-21320, which allowed attackers to extract NT LAN Manager (NTLM) user credentials through malicious Windows theme files. Microsoft's patch for CVE-2024-21320 did not address all potential credential leakage scenarios, which led to the identification of the new vulnerability. 0patch created a more general patch for Windows theme files that covers all execution paths leading to credential leakage. Microsoft has acknowledged the new vulnerability and is working on a fix, but an official patch has not yet been released. Meanwhile, 0patch users can install a micropatch to protect their systems.
Winsage
October 31, 2024
Security researchers at Acros have identified a new zero-day vulnerability (CVE-2024-38030) in the handling of Windows theme files that can expose NTLM credentials. The vulnerability affects multiple Windows platforms, including Windows 11 (version 24H2). The issue arises when a theme file specifies a network file path for certain properties, causing Windows to send authenticated network requests to remote hosts; a malicious theme file can therefore leak the user's credentials. Microsoft issued a patch for an earlier related vulnerability (CVE-2024-21320), but researchers found it insufficient for systems that had stopped receiving updates. The researchers have developed a more comprehensive patch that addresses all execution paths that could lead to credential leaks, and users of the micropatch service 0patch are currently protected against this vulnerability. The micropatches are available for all supported Windows versions and some legacy versions, but only for Windows Workstation, not for Windows Server.