New Windows zero-day exposes NTLM credentials, gets unofficial patch

December 6, 2024 at 11:37AM A new zero-day vulnerability allows attackers to capture NTLM credentials via malicious files in Windows Explorer, affecting all Windows versions from 7 to 11. Discovered by 0patch, the flaw lacks an official fix from Microsoft. 0patch will provide a free micropatch while users can also disable NTLM authentication. ### Meeting … Read more

Windows Themes zero-day bug exposes users to NTLM credential theft

October 30, 2024 at 05:35PM A zero-day vulnerability in Windows Themes allows attackers to steal NTLM credentials. Acros Security provides a free micropatch to address the issue while Microsoft awaits an official fix. Exploitation requires user interaction, such as copying a malicious theme file. Users are advised to apply the micropatch promptly for protection. ### … Read more

New Windows Themes zero-day gets free, unofficial patches

October 29, 2024 at 04:30PM Free unofficial micropatches are now available for a Windows Themes zero-day vulnerability that allows NTLM credential theft. Discovered by ACROS Security, this issue affects all updated Windows versions. Users can apply these patches through 0patch while awaiting official fixes from Microsoft, which plans to address the problem promptly. ### Meeting … Read more