A zero-day vulnerability affecting many Windows versions from Windows 7 to Windows 11, has been found by researches at 0patch.
A zero-day is a vulnerability that doesn’t have an official fix yet, so it is exploitable and possibly being actively used in the wild.
According to their post, the vulnerability exists in just the viewing of a maliciously crafted file within a directory containing this file allowing the leak of NTLM credentials. NTLM is a network authentication protocol, used in older systems or Windows within Windows networks.
0patch is a micro-patching service providing patches and fixes for different software vulnerabilities, even zero-days or end-of-life services. They’ve released an unofficial patch, and are awaiting a Microsoft official patch for further revelation of details. This would help avoid live exploitation to this zero-day risk.
Learn more about and stay updated with their findings as well as their unofficial working patch on their page.
Leave a Reply