NSFOCUS CERT has recently identified a significant security announcement from Microsoft regarding a spoofing vulnerability in Windows File Explorer, designated CVE-2025-24071 and assigned a CVSS score of 7.5, indicating a notable level of risk. The issue arises from the inherent trust Windows Explorer places in .library-ms files and its automatic parsing of them. Unauthenticated attackers can exploit this vulnerability by crafting RAR/ZIP archives that contain a .library-ms file with a malicious SMB path. When such an archive is decompressed, an SMB authentication request is triggered, potentially exposing the user’s NTLM hash. As the vulnerability details and a proof of concept (PoC) have been publicly disclosed and exploitation is reportedly occurring, affected users should take protective measures immediately.
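The following script is an added example, not code from NSFOCUS or Microsoft, showing the detection logic the paragraph above implies: before an archive from an untrusted source is decompressed, inspect it for .library-ms members whose <url> elements point at a network host, and alert on them instead of extracting. The archive contents, the RFC 5737 test address 192.0.2.10 and the helper names are constructed for this example; only ZIP is handled, because reading RAR needs a third-party library.

```python
import io
import re
import xml.etree.ElementTree as ET
import zipfile

# A location is "remote" when it is a UNC path (\\host\share), a forward-slash
# UNC (//host/share) or a file:// URL naming a host; any of these makes Explorer
# contact that host when the library file is parsed.
REMOTE_LOCATION_RE = re.compile(r"^(\\\\[^\\]+\\|//[^/]+/|file://[^/]+/)", re.IGNORECASE)


def library_locations(xml_bytes):
    """Return the text of every <url> element in a .library-ms document."""
    root = ET.fromstring(xml_bytes)
    locations = []
    for elem in root.iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # strip the XML namespace, if any
        if tag == "url" and elem.text:
            locations.append(elem.text.strip())
    return locations


def remote_locations(xml_bytes):
    """Only the locations that point at a network host."""
    return [loc for loc in library_locations(xml_bytes) if REMOTE_LOCATION_RE.match(loc)]


def scan_archive(zip_bytes):
    """Inspect a ZIP without extracting it. Returns [(member, [remote locations])]
    for every .library-ms member that references a network host; an unparseable
    .library-ms is reported as well, since Explorer would still try to handle it."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if not name.lower().endswith(".library-ms"):
                continue
            try:
                remote = remote_locations(zf.read(name))
            except ET.ParseError:
                remote = ["<unparseable .library-ms>"]
            if remote:
                findings.append((name, remote))
    return findings


def build_sample_archive():
    """Constructed sample (not a file from the advisory): one benign library
    pointing at a local folder, one pointing at an RFC 5737 test address."""
    benign = """<?xml version="1.0" encoding="UTF-8"?>
<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
  <searchConnectorDescriptionList>
    <searchConnectorDescription>
      <simpleLocation><url>C:\\Users\\Public\\Documents</url></simpleLocation>
    </searchConnectorDescription>
  </searchConnectorDescriptionList>
</libraryDescription>
"""
    suspicious = benign.replace("C:\\Users\\Public\\Documents", "\\\\192.0.2.10\\share")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "plain text, ignored by the scanner")
        zf.writestr("docs/Documents.library-ms", benign)
        zf.writestr("docs/Invoice.library-ms", suspicious)
    return buf.getvalue()


if __name__ == "__main__":
    for member, locations in scan_archive(build_sample_archive()):
        print(f"ALERT {member}: references {', '.join(locations)}")
```

The scanner is deliberately conservative: it matches on the file extension and the <url> element regardless of XML namespace, and it treats a .library-ms it cannot parse as a finding rather than silently skipping it. Run it in a mail gateway or download-quarantine step, where the archive can be held before any user double-clicks it.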
Scope of Impact
Affected versions include:
- Windows 10 Version 1809 for x64-based Systems
- Windows 10 Version 1809 for 32-bit Systems
- Windows Server 2025 (Server Core installation)
- Windows Server 2025
- Windows Server 2012 R2 (Server Core installation)
- Windows Server 2012 R2
- Windows Server 2016 (Server Core installation)
- Windows Server 2016
- Windows 10 Version 1607 for x64-based Systems
- Windows 10 Version 1607 for 32-bit Systems
- Windows 10 for x64-based Systems
- Windows 10 for 32-bit Systems
- Windows 11 Version 24H2 for x64-based Systems
- Windows 11 Version 24H2 for ARM64-based Systems
- Windows Server 2022, 23H2 Edition (Server Core installation)
- Windows 11 Version 23H2 for x64-based Systems
- Windows 11 Version 23H2 for ARM64-based Systems
- Windows 10 Version 22H2 for 32-bit Systems
- Windows 10 Version 22H2 for ARM64-based Systems
- Windows 10 Version 22H2 for x64-based Systems
- Windows 11 Version 22H2 for x64-based Systems
- Windows 11 Version 22H2 for ARM64-based Systems
- Windows 10 Version 21H2 for x64-based Systems
- Windows 10 Version 21H2 for ARM64-based Systems
- Windows 10 Version 21H2 for 32-bit Systems
- Windows Server 2022 (Server Core installation)
- Windows Server 2022
- Windows Server 2019 (Server Core installation)
- Windows Server 2019
Detection
Manual detection
Users can assess their system’s vulnerability status by checking the version and patch information:
- Press “Win+R” to open the Run dialog, type “winver,” and hit Enter to view the current build version.
- Launch the Command Prompt and execute the “systeminfo” command to gather details about installed patches.
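The following script is an added example (not a tool from NSFOCUS or Microsoft) that automates the manual check above: it parses the output of “systeminfo” to pull the OS name, the build version that “winver” also shows, and the installed hotfix list, then reports whether a required KB is present. The sample output and all KB numbers in it are constructed; REQUIRED_KB is a placeholder that must be replaced with the KB article Microsoft lists for CVE-2025-24071 for the host's exact Windows version.

```python
import re
import subprocess
import sys

# Constructed sample of `systeminfo` output; not captured from a real host.
# The KB numbers are placeholders and are NOT the CVE-2025-24071 fix IDs.
SAMPLE_SYSTEMINFO = """\
Host Name:                 WIN-EXAMPLE
OS Name:                   Microsoft Windows 10 Pro
OS Version:                10.0.19045 N/A Build 19045
System Type:               x64-based PC
Hotfix(s):                 3 Hotfix(s) Installed.
                           [01]: KB1111111
                           [02]: KB2222222
                           [03]: KB3333333
Network Card(s):           1 NIC(s) Installed.
"""

# Placeholder: replace with the KB article Microsoft lists for CVE-2025-24071
# for this host's exact Windows version (see the Microsoft Update Guide).
REQUIRED_KB = "KB9999999"

OS_NAME_RE = re.compile(r"^OS Name:\s*(.+?)\s*$", re.MULTILINE)
OS_VERSION_RE = re.compile(r"^OS Version:\s*(\d+\.\d+\.\d+)", re.MULTILINE)
# Hotfix entries are listed one per line as "[NN]: KBxxxxxxx" under "Hotfix(s):".
HOTFIX_RE = re.compile(r"^\s*\[\d+\]:\s*(KB\d+)\s*$", re.MULTILINE | re.IGNORECASE)


def parse_systeminfo(text):
    """Extract OS name, OS version (major.minor.build) and the installed KB list."""
    name = OS_NAME_RE.search(text)
    version = OS_VERSION_RE.search(text)
    return {
        "os_name": name.group(1) if name else None,
        "os_version": version.group(1) if version else None,
        "hotfixes": [kb.upper() for kb in HOTFIX_RE.findall(text)],
    }


def is_patched(text, required_kb=REQUIRED_KB):
    """True when the required KB appears in the host's installed hotfix list."""
    return required_kb.upper() in parse_systeminfo(text)["hotfixes"]


def capture_systeminfo():
    """Run `systeminfo` on Windows; fall back to the constructed sample elsewhere."""
    if sys.platform == "win32":
        return subprocess.run(["systeminfo"], capture_output=True, text=True, check=True).stdout
    return SAMPLE_SYSTEMINFO


if __name__ == "__main__":
    output = capture_systeminfo()
    info = parse_systeminfo(output)
    print(f"{info['os_name']} build {info['os_version']}, {len(info['hotfixes'])} hotfix(es) installed")
    print("patched" if is_patched(output) else f"MISSING {REQUIRED_KB}")
```

The field labels are those of an English-locale “systeminfo”; on other locales the regular expressions need the localized labels. Because the fix KB differs per Windows version in the affected list above, look the KB up per version in the Microsoft Update Guide before trusting the result.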
Mitigation
Microsoft has released a security patch to address this vulnerability for supported product versions. It is highly recommended that affected users install the patch promptly to ensure their systems are protected. The patch can be downloaded from the following link: Microsoft Update Guide.
Note: Users may encounter issues with the Windows Update patch installation due to network or environmental factors. After applying the patch, it is advisable to verify its successful installation. To do this, right-click on the Windows icon, select “Settings,” navigate to “Updates and Security,” and then “Windows Updates” to check for prompts. Alternatively, users can click “View Update History” to review past updates. For any updates that did not install successfully, clicking on the update name will redirect users to Microsoft’s official download page. It is recommended to access the “Microsoft Update Catalog” for standalone package downloads.
Statement
This advisory serves to outline a potential risk. NSFOCUS does not guarantee any commitments regarding this advisory and will not be liable for any direct or indirect consequences resulting from its transmission or use. NSFOCUS reserves the right to modify and interpret this advisory. When reproducing or sharing this advisory, please include this statement paragraph and refrain from altering its content or using it for commercial purposes without prior permission from NSFOCUS.
About NSFOCUS
NSFOCUS stands as a vanguard in cybersecurity, committed to protecting telecommunications, Internet service providers, hosting providers, and enterprises from advanced cyber threats. Established in 2000, NSFOCUS operates on a global scale, employing over 4,000 professionals across two headquarters in Beijing, China, and Santa Clara, CA, USA, along with more than 50 offices worldwide. The company boasts a proven track record of safeguarding over 25% of the Fortune Global 500 companies, including four of the five largest banks and six of the world’s top ten telecommunications firms.
With a focus on technical excellence and innovation, NSFOCUS offers a comprehensive array of security solutions, including the Intelligent Security Operations Platform (ISOP) for modern SOC, DDoS Protection, Continuous Threat Exposure Management (CTEM) Service, and Web Application and API Protection (WAAP). These solutions are enhanced by the Security Large Language Model (SecLLM), machine learning, patented algorithms, and other cutting-edge research achievements developed by NSFOCUS.