Windows Passwords At Risk As New 0-Day Confirmed—Act Now

Windows users are currently facing a challenging situation, with a series of zero-day vulnerabilities impacting various versions of the operating system. Just two weeks after Microsoft acknowledged six such vulnerabilities, another has emerged, affecting users from Windows 7 and Server 2008 R2 all the way to the latest Windows 11 v24H2 and Server 2025. The pressing concern here is that there is no official patch available from Microsoft to address this latest threat.

This Windows Password Hash Vulnerability Is So New It Doesn’t Have A Number Yet

On March 25, I received a private message from Mitja Kolsek, CEO of ACROS Security, a company known for developing unofficial security patches for zero-day vulnerabilities. His message was straightforward: “We reported this to Microsoft and will not disclose details until they have issued an official patch.” This statement piqued my interest, as it indicated the seriousness of the situation. Kolsek’s team discovered a vulnerability that allows attackers to obtain NTLM credentials simply by having a user view a malicious file in Windows Explorer.

The implications of this vulnerability are significant, particularly given its similarity to a previously reported zero-day incident from December 6, 2024. While the attack scenarios are alike, Kolsek emphasized that this latest vulnerability is distinct and has not been publicly discussed yet. For now, the technical details remain under wraps until Microsoft provides a patch.

NT LAN Manager (NTLM) vulnerabilities are particularly concerning because they let attackers steal Windows credentials through deceptive means. NTLM is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality for users. Kolsek noted that these vulnerabilities are not classified as critical, and that their exploitability hinges on various factors. However, they have been employed in real-world attacks, underscoring the urgency for users to be vigilant.

As Microsoft Investigates, Windows Users Can Use This Temporary Fix

In light of the situation, and with a Microsoft spokesperson confirming awareness of the report, it appears users may need to wait until the next Patch Tuesday for an official fix. Therefore, taking proactive measures is advisable.

This is where Kolsek and his micro-patch solution come into play. The company’s product, 0patch, aims to fill the gap between the discovery of a zero-day vulnerability and the release of an official patch. It provides free mini-fixes to address vulnerabilities in the interim. The system works through a patching agent that analyzes processes and applies patches in memory without disrupting ongoing operations. Kolsek stated, “Since this is a 0day vulnerability with no official vendor fix available, we are providing our micropatches for free until such fix becomes available.” For Windows users, this presents a timely and effective course of action to enhance their security while awaiting a permanent solution.
