A newly disclosed zero-day vulnerability in Windows lets an attacker capture a user's NTLM authentication hashes with no more interaction than viewing a malicious file in Windows Explorer. The flaw affects a broad range of Windows versions, from Windows 7 up to Windows 11 v24H2 and Server 2025, and Microsoft has not yet issued a patch, leaving millions of systems exposed.
New Windows zero-day lets attackers steal NTLM credentials just by having a user preview a malicious file. No Microsoft patch is available yet.
The flaw, reported privately to Microsoft by security researcher Mitja Kolsek of ACROS Security, causes Windows to send the user's NTLM (NT LAN Manager) authentication response to an attacker-controlled server as soon as the user previews a malicious file in Windows Explorer. The user does not need to open or execute the file; rendering it in Explorer is enough to trigger the outbound authentication, and what leaks is the NTLM challenge-response (commonly called the NTLM hash) rather than the cleartext password.
NTLM remains a widely used authentication protocol within Windows, which is what makes this vulnerability so dangerous. A captured NTLM response can be relayed to other services that still accept NTLM, or cracked offline to recover the password, giving an attacker unauthorized access to both corporate and personal networks. While Kolsek has categorized the issue as not “critical,” similar NTLM hash disclosure vulnerabilities have been exploited in real-world attacks.
Despite acknowledging the report, Microsoft has not yet provided an official fix. A spokesperson stated, “We are aware of this report and will take necessary action to protect customers.” Until then, users may remain exposed at least until the next scheduled security update, since Microsoft typically ships fixes for issues of this severity on its regular Patch Tuesday cadence rather than out of band.
In response, ACROS Security has released a temporary micropatch through its 0patch platform. The micropatch is applied in memory to the running vulnerable code, so it takes effect without a reboot or a full system update. It is offered free of charge until Microsoft issues an official fix, and Windows users, especially those on versions Microsoft no longer supports, are strongly encouraged to apply it promptly.
Separately, a zero-day vulnerability has been identified in Google Chrome and other Chromium-based browsers, including Microsoft Edge. Discovered by security firm Kaspersky, the exploit lets attackers escape Chrome’s sandbox after the victim does nothing more than click a malicious link.
Dubbed Operation ForumTroll, the campaign has primarily targeted media organizations, educational institutions, and government agencies, particularly in Russia. Tracked as CVE-2025-2783, the exploit shows a high level of sophistication, leading researchers to attribute it to a cyber-espionage operation rather than financially motivated crime.
To safeguard against these threats, users are advised to take the following precautions:
For Windows Users:
- Install the temporary 0patch micropatch immediately to prevent the NTLM hash leak.
- Avoid previewing or interacting with unfamiliar files in Windows Explorer, including files that arrive in shared folders or on removable media, since no double-click is needed.
- Exercise caution with phishing emails that may contain malicious attachments.
- Limit where a leaked hash can go: block outbound SMB (TCP 445) to the Internet at the perimeter and host firewall, and use the “Restrict NTLM: Outgoing NTLM traffic to remote servers” policy (audit first, then deny).
- Limit what a leaked hash is worth: require SMB signing on servers and move remaining services off NTLM so a captured response cannot simply be relayed.
For Chrome and Edge Users:
- Update your browser to the latest version; Google has already shipped a fixed Chrome build for CVE-2025-2783, and Edge and other Chromium-based browsers ship the fix in their own updates, so check the browser's About page and restart to apply it.
- Refrain from clicking on suspicious links, especially those found in unsolicited emails, since a single click is all this exploit needs.
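For the Windows precautions above, here is an added example of the host-side hardening a practitioner would pair with the micropatch. It is not code from the article, from ACROS Security, or from Microsoft; it assumes an elevated PowerShell session on a workstation that has no legitimate SMB traffic on the Public firewall profile, and the firewall rule name and the choice to start in audit mode before deny mode are this example's own.

```powershell
# Added example, not from the article, 0patch, or Microsoft. Run in an elevated PowerShell session.
# Goal: (1) report whether outgoing NTLM is restricted, (2) switch it to audit mode so leaks show up
# in the event log, (3) stop SMB from reaching attacker-controlled servers on public networks,
# (4) require SMB signing so a captured NTLM response cannot simply be relayed to this host.
# Assumptions: no legitimate SMB traffic on the Public profile; the rule name below is ours.

$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

# The policy "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers" is stored
# as RestrictSendingNTLMTraffic: absent or 0 = allow all, 1 = audit all, 2 = deny all.
$outgoing = (Get-ItemProperty -Path $lsaKey -Name RestrictSendingNTLMTraffic -ErrorAction SilentlyContinue).RestrictSendingNTLMTraffic
switch ($outgoing) {
    1       { Write-Host 'Outgoing NTLM: audit all' }
    2       { Write-Host 'Outgoing NTLM: deny all' }
    default { Write-Host 'Outgoing NTLM: allowed (policy not set)' }
}

# Step 2: audit before deny. Deny (2) breaks any application that still legitimately authenticates
# with NTLM to remote hosts, so collect audit events first and only then set the value to 2.
if ($outgoing -ne 2) {
    Set-ItemProperty -Path $lsaKey -Name RestrictSendingNTLMTraffic -Value 1 -Type DWord
}

# Audited outgoing NTLM attempts are written to Microsoft-Windows-NTLM/Operational as event 8001.
# Each event names the target server, which is how an unexpected external host stands out.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-NTLM/Operational'; Id = 8001 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-List

# Step 3: the leaked NTLM response only reaches the attacker if the SMB connection completes.
# Block outbound SMB (TCP 445 and 139) on the Public profile; Domain and Private keep working.
$ruleName = 'Block outbound SMB on public networks'   # name chosen for this example
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Outbound -Action Block `
        -Protocol TCP -RemotePort 445,139 -Profile Public | Out-Null
}
Get-NetFirewallRule -DisplayName $ruleName | Select-Object DisplayName, Enabled, Direction, Action

# Step 4: relay protection. An SMB server that requires signing rejects a relayed NTLM session,
# because the relaying attacker never learns the session key. Enforce it on every host that
# exposes SMB, not only on this client; the client-side setting protects this host's own shares.
Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
Set-SmbClientConfiguration -RequireSecuritySignature $true -Force
Get-SmbServerConfiguration | Select-Object RequireSecuritySignature
```

Audit mode is deliberate: the NTLM/Operational log shows which remote servers still receive NTLM from this host, so you can move to deny mode without breaking line-of-business applications. Scoping the firewall rule to the Public profile mirrors the usual perimeter rule of dropping TCP 445 to the Internet, which is the right control for hosts whose local firewall you cannot change. None of this replaces the micropatch; it limits where a leaked hash can go and what it is worth once captured.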
As the landscape of cybersecurity threats continues to evolve, maintaining a proactive approach with software updates and security patches is essential for protecting sensitive data.