Windows Vulnerability Patched by Third-Party Amid NTLM Hash Threat

A zero-day vulnerability in Windows’ New Technology LAN Manager (NTLM) authentication protocol has been patched by third-party security firm 0Patch. The issue, which can be exploited when a user views a malicious file in File Explorer, affects all Windows OSes from version 7 to the latest 11H2.

Microsoft deprecated support for NTLM protocols in June 2023, but NTLM vulnerabilities can still be targeted on machines running Windows 7 and Server 2008 R2, as well as on newer versions like Windows 10 and 11 until their respective end-of-support dates.

The patched vulnerability allows credential hijacking when a user merely views an infected folder; the malicious file does not need to be opened directly. While older versions of Windows, such as Windows 7, are in significant danger, newer versions like Windows 11 may receive a patch in the coming weeks or months.

0Patch has also patched other vulnerabilities discovered by its researchers, including non-NTLM zero-day threats and NTLM-related issues not addressed by Microsoft. The third-party patch will remain available for free until Microsoft releases official patches for these vulnerabilities.

No attacks exploiting the vulnerable NTLM authentication issue have been reported in the wild yet. Existing security solutions may block emerging threats automatically, but impacted users must still ensure they have the necessary mitigations in place. The 0Patch patch, dubbed “micropatch,” addresses a single vulnerable instruction and can be installed without significant risk.

However, it is crucial to use this unofficial patch with caution, as Microsoft has not officially addressed these vulnerabilities.

Source: https://www.tomshardware.com/tech-industry/cyber-security/zero-day-windows-ntlm-hash-vulnerability-gets-patched-by-third-party-credentials-can-be-hijacked-by-merely-viewing-a-malicious-file-in-file-explorer