Read Time:1 Minute, 18 Second

Security researchers have identified a critical vulnerability affecting all Windows Workstation and Server versions, including Windows 7, Server 2008 R2, Windows 11 (v24H2), and Server 2022. This vulnerability allows attackers to obtain NTLM credentials by tricking users into viewing a malicious file in Windows Explorer.

Affected Versions:

  • Windows 7 and Server 2008 R2 (all ESU and non-ESU configurations)
  • Windows 10 (versions 1803 through 21H2)
  • Windows Server 2012 and Server 2012 R2 (with and without ESU)
  • Windows 10 v22H2
  • Windows 11 (versions 22H2, 23H2, and 24H2)
  • Windows Server 2022, Server 2019, and Server 2016
  • Windows Server 2012 and Server 2012 R2 with ESU

Impact:

  • Attackers can obtain NTLM credentials.
  • Exploitation may occur via shared folders, USB disks, or automatic downloads from malicious webpages.

Mitigation:

  • Researchers have released micropatches to protect affected users until an official fix is available. These micropatches are free of charge during this interim period.

How to Apply Micropatches:

  1. Create a Free Account: Visit 0patch Central and sign up.
  2. Install 0patch Agent: Download and register the 0patch Agent software.
  3. Activate Protection: Micropatches will apply automatically after registration.

Additional Information:

  • This is the third zero-day vulnerability reported by the same research team in recent months.
  • Previous unpatched vulnerabilities include the Windows Theme file issue, “Mark of the Web” issue, and “EventLogCrasher” vulnerability.

Future Updates: 0patch will continue to provide security patches for Windows 10 even after its end-of-support date in October 2025.

Recommendation: All users are encouraged to install the available micropatches to secure their systems against this vulnerability, particularly those relying on unsupported Windows versions.

Leave a Reply

Your email address will not be published. Required fields are marked *