New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials – Unofficial Patch


Mar 26, 2025 - 11:00

A critical vulnerability has been discovered that affects all Windows operating systems from Windows 7 and Server 2008 R2 through the latest Windows 11 v24H2 and Server 2025.

This zero-day flaw enables attackers to capture users’ NTLM authentication credentials simply by having them view a malicious file in Windows Explorer. 

The vulnerability can be triggered when opening a shared folder, inserting a USB drive containing the malicious file, or even viewing a Downloads folder where such a file was previously downloaded from an attacker’s website.

NTLM Vulnerability Exploited in Attacks

The newly discovered vulnerability shares similar attack scenarios with a previously patched URL file flaw (CVE-2025-21377), though the underlying technical issue differs and has not been publicly documented before. 

While security researchers are withholding specific exploitation details until Microsoft releases an official patch, they confirm the vulnerability allows for credential theft through malicious file interaction.


Although not classified as critical, this NTLM credential theft vulnerability remains dangerous, particularly in environments where attackers have already gained network access or can target public-facing servers like Exchange to relay stolen credentials. 

Security intelligence confirms these types of vulnerabilities have been actively exploited in real-world attacks.

Micropatch Availability

The security team has reported this vulnerability to Microsoft according to responsible disclosure practices. 

While awaiting an official fix, they have developed and released micropatches available via 0patch that will temporarily mitigate the issue. These micropatches will remain free until Microsoft implements a permanent solution.

This is the fourth zero-day vulnerability recently discovered by the same research team, following:

  • Windows Theme file issue (patched as CVE-2025-21308)
  • Mark of the Web issue on Server 2012 (still unpatched)
  • URL File NTLM Hash Disclosure Vulnerability (patched as CVE-2025-21377)

Additionally, the “EventLogCrasher” vulnerability reported in January 2024, which allows attackers to disable Windows event logging across domain computers, remains unpatched by Microsoft.

The temporary security patches support a comprehensive range of Windows versions, including:

Legacy Windows versions:

  • Windows 11 v21H2 and older Windows 10 versions (v21H2, v21H1, v20H2, etc.).
  • Windows 7 with various Extended Security Update (ESU) statuses.
  • Windows Server 2012/2012 R2/2008 R2 with different ESU configurations.

Currently supported Windows versions:

  • Windows 11 (v24H2, v23H2, v22H2)
  • Windows 10 v22H2
  • Windows Server 2025, 2022, 2019, and 2016
  • Windows Server 2012/2012 R2 with ESU 2

The micropatches have already been automatically distributed to affected systems with the 0patch Agent installed under PRO or Enterprise accounts.

To implement these protective measures, new users should create a free account in 0patch Central, start the available trial, and install and register the 0patch Agent. 

The process requires no system reboots, and patch deployment occurs automatically, providing immediate protection against this zero-day vulnerability while awaiting Microsoft’s official fix.


The post New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials – Unofficial Patch appeared first on Cyber Security News.