A newly discovered bug in Microsoft’s Windows operating systems, from Windows 7 onward, can be exploited to steal users’ OS account credentials. Acros Security has identified an unpatched NTLM vulnerability that lets an attacker obtain a user’s credentials when the user views a malicious file in Windows Explorer.
The flaw affects all systems from Windows 7 to the latest Windows 11 v24H2 and Server 2022, making it a widespread issue. According to Acros CEO Mitja Kolsek, “The vulnerability allows an attacker to obtain user’s NTLM credentials by simply having the user view a malicious file in Windows Explorer – eg, by opening a shared folder or USB disk with such file, or viewing the Downloads folder where such file was previously automatically downloaded from attacker’s web page.”
Acros has released a binary micropatch, consisting of a single processor instruction, to fix the problem; it will be free until Microsoft releases an official fix. The company has contacted Microsoft about the bug and is not disclosing the details.
This latest flaw highlights the importance of keeping software up to date and being cautious when opening files from unknown sources. Acros has reported several zero-days to Microsoft in the past, including a similar NTLM-related issue with Windows Themes in October.
Source: https://www.theregister.com/2024/12/06/opatch_zeroday_microsoft