Critical Windows Flaw Steals Passwords by Just Viewing Files – Zero-Day Alert

Zero-Day Windows Vulnerability Enables NTLM Credential Theft Through File Explorer

A critical security vulnerability affecting all Windows versions from Windows 7 to Windows 11 24H2 has been uncovered by the 0patch security team. This zero-day flaw allows attackers to capture NTLM credentials simply by having users view a malicious file in Windows Explorer, without requiring any clicks or file execution.

The vulnerability works by triggering an outbound NTLM connection to a remote share when a user views a specially crafted file, automatically exposing NTLM hashes that attackers can potentially crack to obtain login credentials.

Key Points:
– Affects all Windows versions from Windows 7/Server 2008 R2 to Windows 11 24H2/Server 2022
– No official fix from Microsoft currently available
– Requires no user interaction beyond viewing affected files
– Can be triggered through shared folders, USB drives, or downloaded files

Mitigation Options:
1. Install 0patch’s free micropatch (available to registered users)
2. Disable NTLM authentication via Group Policy
3. Configure “Network security: Restrict NTLM” policies
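As an added example (not code from 0patch or Microsoft), the PowerShell script below reports the local registry value behind the "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy and can switch it to audit or deny. The `-Mode` parameter and the function names are this example's own, and it assumes a standalone machine where the setting is not delivered by a domain GPO.

```powershell
# Added example: inspect or set the local value behind the policy
# "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers".
param(
    [ValidateSet('Report', 'Audit', 'Deny')]
    [string]$Mode = 'Report'   # hypothetical parameter name chosen for this example
)

$LsaKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$Meaning = @{ 0 = 'Allow all'; 1 = 'Audit all'; 2 = 'Deny all' }

function Get-OutgoingNtlmPolicy {
    $props = Get-ItemProperty -Path $LsaKey -ErrorAction SilentlyContinue
    # An absent value means the policy is not configured, which behaves as "Allow all".
    $raw = 0
    if ($props -and $null -ne $props.RestrictSendingNTLMTraffic) {
        $raw = [int]$props.RestrictSendingNTLMTraffic
    }
    [pscustomobject]@{
        Setting    = $Meaning[$raw]
        RawValue   = $raw
        # Servers exempted via "Add remote server exceptions for NTLM authentication"
        Exceptions = @($props.ClientAllowedNTLMServers | Where-Object { $_ })
    }
}

function Set-OutgoingNtlmPolicy([int]$Value) {
    # Writing under HKLM requires an elevated session.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
    if (-not $isAdmin) { throw 'Run from an elevated PowerShell session.' }
    New-ItemProperty -Path $LsaKey -Name 'RestrictSendingNTLMTraffic' `
        -PropertyType DWord -Value $Value -Force | Out-Null
}

switch ($Mode) {
    'Audit' { Set-OutgoingNtlmPolicy 1 }   # log outbound NTLM, block nothing
    'Deny'  { Set-OutgoingNtlmPolicy 2 }   # block all outbound NTLM
}

# Always finish by showing the effective local value.
Get-OutgoingNtlmPolicy
```

Running in `Audit` mode first shows which servers still receive NTLM from the machine (events appear in the `Microsoft-Windows-NTLM/Operational` log) before `Deny` is applied. On domain-joined systems, set the policy through Group Policy instead, since a GPO overwrites the local value.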

This vulnerability joins other unpatched NTLM-related flaws like PetitPotam, PrinterBug, and DFSCoerce. While Microsoft plans to eventually phase out NTLM authentication in Windows 11, current systems remain vulnerable without proper mitigation measures in place.
