In June 2023, Microsoft made a significant announcement regarding the deprecation of its New Technology LAN Manager (NTLM) authentication protocol, a relic from 1993 that first appeared with Windows NT 3.1. The tech giant recommended users transition to the more secure Windows Negotiate protocol. However, the landscape of cybersecurity remains fraught with challenges, as modern NTLM vulnerabilities continue to pose threats to a range of systems, from Windows 7 and Server 2008 R2 to the latest Windows 11 Version 24H2 and Server 2022.
Emerging Vulnerabilities
Recently, security firm 0Patch uncovered a troubling new vulnerability within the NTLM framework. This exploit allows for credential hijacking simply by viewing an infected folder—no need to open any files directly. While it is anticipated that patches for Windows 11 will be rolled out in the coming weeks or months, older systems like Windows 7 remain particularly vulnerable. Windows 10, although still receiving support, is on the brink of its own end-of-life phase in October next year. Users will need to consider a paid support plan to extend coverage, raising concerns about potential unpatched vulnerabilities in the final release.
0Patch has previously been recognized for offering an alternative to Microsoft’s support model, and it has provided some reassurance regarding the current situation. In their official communications, they noted that, as of now, there have been no reported attacks exploiting this specific NTLM authentication issue in the wild. Some existing security solutions may automatically block such vulnerabilities as they emerge, but there is no assurance that all affected users will have these protections in place.
Mitigation Strategies
The micropatch released by 0Patch addresses a singular vulnerable NTLM instruction. While the installation of this patch is theoretically low-risk, it is essential to remember that it is an unofficial security measure. Users should weigh their options carefully and make decisions based on their unique circumstances and risk tolerance.
As the cybersecurity landscape evolves, the hope remains that Microsoft will address this and other vulnerabilities through official updates in a timely manner. The prospect of networking credentials being compromised from merely viewing an infected folder in File Explorer is a chilling reminder of the importance of robust security practices in today’s digital environment.
