0Patch confirms credential-stealing Windows zero-day threat
Researchers at Acros Security have confirmed the existence of another Windows zero-day threat, a credential-stealer that affects all versions of Windows from 7 through 11 and Windows Server 2008 R2 onwards. Here’s what you need to know and how to protect yourself while Microsoft is readying a patch to protect against the exploit.
The Windows Zero-Day Exploit With No Official Fix—What We Know So Far
The zero-day vulnerability, which has been reported to Microsoft but currently has no Common Vulnerabilities and Exposures allocation or, indeed, any official patch, is about as bad as it gets. It impacts Windows NT LAN Manager (NTLM), a suite of Microsoft security protocols providing authentication, integrity and confidentiality to users. Full technical details are being withheld until an official Microsoft fix starts rolling out, to minimize any further risk of exploitation.
“The vulnerability allows an attacker to obtain user’s NTLM credentials by simply having the user view a malicious file in Windows Explorer,” Mitja Kolsek, founder of Acros Security, which operates the 0patch vulnerability patch management platform, said. Opening a shared folder or USB disk containing the malicious file, or even simply viewing the Downloads folder where the file was automatically downloaded from an attacker’s web page, is all it takes to exploit the threat.
How To Protect Your Version Of Windows
Until an official fix is made available by Microsoft itself, Windows users can protect themselves using the free “micropatch” that has been made available by the 0patch platform. These patches are even available for those versions of Windows that are outside of official support. This is a developing story and I have reached out to Microsoft for a statement.