A new zero-day vulnerability has been discovered that allows attackers to capture NTLM credentials by simply tricking the target into viewing a malicious file in Windows Explorer.
The flaw was discovered by the 0patch team, a platform that provides unofficial support for end-of-life Windows versions, and was reported to Microsoft. However, no official fix has been released yet.
#Windows11#zeroday#security
Security researchers have publicly revealed a newly discovered critical vulnerability that affects all Windows Workstation and Server versions, from Windows 7 and Server 2008 R2 to the latest Windows 11 (v24H2) and Server 2022. The flaw allows attackers to obtain a user’s NTLM credentials simply by tricking them into viewing a malicious file in Windows Explorer.
This action could be triggered by opening a shared folder or USB disk containing such a file, or by accessing the Downloads folder where the malicious file might have been automatically downloaded from an attacker’s webpage.
After responsibly reporting the issue to Microsoft, the researchers have released micropatches to protect users until they provide an official fix. These micropatches are available free of charge during this interim period.
#Microsoft#micropatching#security
A #Windows#vulnerability allows attackers to steal credentials without victims even opening a file—simply viewing a malicious folder is enough. This flaw, affecting all Windows versions from 7 to 11, poses a severe risk to enterprises relying on NTLM authentication; learn how to protect your systems now.
#crowdstrike Why is badly-written code from 3rd parties able to run, even encouraged to run, in the core of Windows?
Q: Why isn't Windows secure by default?
A: Windows is a cash-cow product for Microsoft who have no incentive to fix it.
Two approaches remain if you prioritise uptime and security.
1. If you are in Government or a business leader, then you can incentivise companies like Microsoft to fix software problems with loss of earnings or fines. Based on prior events, this has not created a culture of security and so may be of limited use.
2. Move away from Windows. Do your staff need Windows on the desktop when much of the software they use is delivered via a browser? All of Microsoft's own productivity software is browser driven and the local version of Teams is merely an electron app. What about ChromeOS, with a lower support overhead or even rolling your own locked down Linux desktop with only a browser. Heck you can even install Edge on Linux.
Stop dealing with systemic failures in Windows, look for a way out.
https://lnkd.in/gJFtC5pi
The list of deprecated features in Windows is quite extensive and worth a read, but the deprecation of NTLM isn't as straightforward as it may seem when it comes to security.
My 2 cents:
1. NTLM is no longer under active feature development. This may mean it receives less attention from security updates if (when?) additional vulnerabilities are discovered.
2. NTLM is now disabled by default, which means applications that call directly into NTLM will fail (need to call into SPNEGO SSPI instead).
3. Despite being deprecated, NTLM is *still* in the product.
4. NTLM still serves as a fallback alongside SPNEGO which is the design of SPNEGO. This introduces the risk of attackers (potentially) forcing a downgrade to NTLM from SPNEGO, exploiting any existing NTLM vulnerabilities (which is not getting product development attention).
... reminiscing on the good ol' days in Windows Authentication..
#WindowsSecurity#NTLM#SPNEGO
