Researchers at Acros Security have uncovered a critical zero-day vulnerability affecting all versions of Windows from 7 through 11, as well as Windows Server 2008 R2 onwards. The credential-stealing flaw has been confirmed by 0Patch; Microsoft has issued neither an official fix nor a Common Vulnerabilities and Exposures (CVE) identifier at this time.
The vulnerability affects Windows NT LAN Manager (NTLM), the suite of Microsoft authentication protocols used to verify user identity, and allows an attacker to capture NTLM credentials. According to Mitja Kolsek, founder of Acros Security, exploitation requires only that a user view a malicious file in Windows Explorer: opening a shared folder or a USB drive that contains the file, or simply viewing the Downloads folder after the file has been downloaded from a web page, is enough.
Until Microsoft releases an official patch, users are advised to protect themselves by applying the free micropatch available through the 0Patch platform. This option is particularly significant because it also covers versions of Windows that Microsoft no longer officially maintains.
The situation is still developing; users are urged to stay vigilant and apply these protective measures while awaiting further guidance from Microsoft.