December 6, 2024 at 06:47PM
Acros Security has identified an unpatched NTLM vulnerability in Windows 7 and later versions that could allow theft of user credentials through malicious files. Acros plans to release a free micropatch while awaiting Microsoft’s response. The vulnerability affects a wide range of Windows systems, raising security concerns as several OS versions approach retirement.

**Meeting Takeaways:**

1. **New NTLM Vulnerability Identified**:
– Acros Security has discovered an unpatched NTLM vulnerability in Microsoft Windows (versions 7 and onward) that could leak users’ OS account credentials.
2. **Exploitation Method**:
– The vulnerability can be exploited when victims view malicious files through Windows Explorer. This could happen by interacting with shared folders, USB drives, or files downloaded from the internet.
3. **Affected Systems**:
– The flaw impacts all Windows systems from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2022.
4. **Micropatch Development**:
– Acros is developing a binary micropatch consisting of a single processor instruction to address the vulnerability, which will be available for free until Microsoft issues an official fix.
5. **Previous Flaw Reports**:
– Acros has a history of reporting zero-day vulnerabilities to Microsoft, including NTLM-related issues in the past.
6. **Market for Micropatching**:
– The micropatching industry caters to organizations seeking long-term solutions to security flaws without waiting for official updates from software vendors. While micropatches can effectively mitigate risks, they may also introduce new problems.
7. **Windows 10 Support Options**:
– With Windows 10 set to retire within a year, Microsoft is offering extended support options for various user groups, including enterprise and educational clients, at differing price points.
8. **Support Status**:
– Windows 7 has not had mainstream or extended support for several years, with the last of its support phases ending in 2021.

Overall, organizations relying on older versions of Windows should consider the implications of the discovered vulnerability and the potential for micropatching as a stopgap solution.