Micropatchers share fix for NTLM hash leak flaw in Windows

Acros Security has identified a significant unpatched vulnerability in Microsoft Windows, spanning from Windows 7 to the latest Windows 11 v24H2. This flaw, categorized as an NTLM vulnerability, poses a risk of credential theft for users operating on these systems.

Details of the Vulnerability

The company, known for its development of unofficial “micropatches” that address software vulnerabilities overlooked by vendors, revealed that this particular bug can be exploited through Windows Explorer. Users who inadvertently view a maliciously crafted file may have their NTLM hash exposed, potentially allowing a remote attacker to access sensitive information via the network. While the specifics of the exploitation method remain undisclosed, Acros has confirmed that the vulnerability is not currently under active attack.

Mitja Kolsek, CEO of Acros, elaborated on the implications of this vulnerability, stating, “The vulnerability allows an attacker to obtain a user’s NTLM credentials by simply having the user view a malicious file in Windows Explorer—such as opening a shared folder or USB disk containing the file, or accessing the Downloads folder where the file was automatically downloaded.”
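Because Acros has not published the trigger, the practical question for a defender is whether the host can leak an NTLM hash to a remote host at all. The following is an added example, not Acros's micropatch and not code from the article, that audits the two generic controls against this class of flaw: the "Restrict NTLM: Outgoing NTLM traffic to remote servers" policy (stored as `RestrictSendingNTLMTraffic`, 0 = allow, 1 = audit, 2 = deny) and an outbound firewall block on TCP 445, plus the audit events the policy writes. It assumes Windows 8/Server 2012 or later for the `NetSecurity` cmdlets, an elevated shell for the event-log query, and that event ID 8001 in `Microsoft-Windows-NTLM/Operational` is the outgoing-NTLM audit record (an assumption of this example, not something the article states).

```powershell
# Added example: audits generic defences against NTLM-hash leakage to a remote
# host, the class of flaw the article describes. Not Acros's micropatch.
# Assumes Windows 8 / Server 2012 or later (NetSecurity module) and an elevated
# shell for the event-log query.

function Get-OutboundNtlmPolicy {
    # GPO "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers"
    # lives under the MSV1_0 key: 0 = Allow all, 1 = Audit all, 2 = Deny all.
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
    $value = (Get-ItemProperty -Path $key -Name RestrictSendingNTLMTraffic `
              -ErrorAction SilentlyContinue).RestrictSendingNTLMTraffic
    $state = switch ($value) {
        2       { 'Deny all' }
        1       { 'Audit all' }
        default { 'Allow all (not configured)' }
    }
    [pscustomobject]@{
        Control  = 'RestrictSendingNTLMTraffic'
        Value    = $value
        State    = $state
        Hardened = ($value -eq 2)
    }
}

function Get-OutboundSmbBlockRules {
    # An enabled outbound *block* rule for TCP 445 stops the SMB session that
    # would carry the NTLM exchange to an Internet host.
    $rules = Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True `
             -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $ports = $rule | Get-NetFirewallPortFilter
        if ($ports.Protocol -eq 'TCP' -and (@($ports.RemotePort) -contains '445')) {
            [pscustomobject]@{ Control = 'Firewall'; Rule = $rule.DisplayName; Profile = $rule.Profile }
        }
    }
}

function Get-RecentOutboundNtlmAudit {
    param([int]$Hours = 24)
    # Assumption of this example: with the policy in Audit mode, each outgoing
    # NTLM authentication to a remote server is logged as event 8001 in the
    # Microsoft-Windows-NTLM/Operational log.
    $filter = @{
        LogName   = 'Microsoft-Windows-NTLM/Operational'
        Id        = 8001
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Message
}

# Report: policy state, firewall coverage, and recent audited NTLM egress.
$policy = Get-OutboundNtlmPolicy
$policy | Format-List

$smb = @(Get-OutboundSmbBlockRules)
if ($smb.Count -eq 0) { Write-Warning 'No enabled outbound firewall rule blocks TCP 445.' }
else { $smb | Format-Table -AutoSize }

if (-not $policy.Hardened) {
    Write-Warning 'Outgoing NTLM to remote servers is not denied; review the audit events below.'
    Get-RecentOutboundNtlmAudit | Format-Table -Wrap
}
```

Run it as an administrator on a representative workstation. Setting the policy to "Deny all" can break access to legacy file servers that only speak NTLM, so the usual order is to switch to "Audit all" first, review the 8001 events for legitimate destinations, and only then deny; blocking TCP 445 outbound at the network edge is the complementary control that does not depend on the client's policy.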

Acros Security’s Response

In response to the discovery, Acros has reached out to Microsoft and plans to release a micropatch, which will consist of a single processor instruction aimed at mitigating the risk. This micropatch will be available for free until Microsoft issues an official fix. However, the specifics of the vulnerability remain under wraps for the time being.

Historically, Acros has reported several zero-day vulnerabilities to Microsoft, including a related NTLM issue with Windows Themes and a Mark of the Web problem in Server 2012 products. It remains uncertain whether Microsoft will prioritize a fix for this latest vulnerability, as it may not be deemed critical enough for immediate action.

The Micropatching Landscape

The micropatching industry serves organizations seeking more than temporary solutions to security flaws. By addressing the root cause of vulnerabilities, micropatches can provide a more robust defense, provided they undergo thorough testing by both the client and the micropatch issuer. However, it is worth noting that while micropatches can be effective, they may also introduce their own complications.

As the retirement of Windows 10 approaches, with less than a year remaining, IT managers may increasingly turn to micropatching as a means of safeguarding their systems. Microsoft offers extended support options for Windows 10, which were made available to the general public in October. This includes a one-year support package priced at , while enterprise users will initially pay per device, escalating to 4 by the third year. Educational institutions benefit from a significantly reduced rate, totaling just for three years of support.

In contrast, mainstream support for Windows 7 ended in 2015, with extended support concluding in 2020 and support for certain embedded uses ceasing in 2021.
