Update, Dec. 07, 2024: This story, originally published Dec. 06, now includes a statement from Microsoft about the new Windows zero-day vulnerability and further information about the 0patch micro-patching platform.
Researchers at Acros Security have confirmed the existence of another Windows zero-day threat, a credential-stealer that affects all versions of Windows from 7 through 11 and Windows Server 2008 R2 onwards. Here’s what you need to know and how to protect yourself while Microsoft is readying a patch to protect against the exploit.
The Windows Zero-Day Exploit With No Official Fix—What We Know So Far
The zero-day vulnerability, which has been reported to Microsoft but currently has no Common Vulnerabilities and Exposures allocation or, indeed, any official patch, is about as bad as it gets. It impacts Windows NT LAN Manager (NTLM), a suite of Microsoft security protocols providing authentication, integrity and confidentiality to users. Full technical details are being withheld until an official Microsoft fix starts rolling out, to minimize any further risk of exploitation.
“The vulnerability allows an attacker to obtain user’s NTLM credentials by simply having the user view a malicious file in Windows Explorer,” Mitja Kolsek, founder of Acros Security, which operates the 0patch vulnerability patch management platform, said. Opening a shared folder or USB disk containing the malicious file, or even simply viewing the downloads folder where the file was automatically downloaded from an attacker’s web page, is all it takes to exploit the threat.
How To Protect Your Version Of Windows
Until an official fix is made available by Microsoft itself, Windows users can protect themselves using the free “micropatch” that has been made available by the 0patch platform. These patches are even available for those versions of Windows that are outside of official support.
0patch is an interesting interim solution to the vulnerability patch gap problem. Although there are commercial plans available, there’s also a free account that enables anyone to keep on top of zero-day vulnerabilities that are being exploited in the wild but for which there is no official patch yet available. “With 0patch,” Kolsek said, “there are no reboots or downtime when patching and no fear that a huge official update will break production.” It works by way of a patching agent that analyses all running processes on a computer and, as soon as a micro-patch is available, applies it in memory without disturbing the process itself.
I reached out to Microsoft for more information about this new Windows vulnerability, and a spokesperson said: “We are investigating this report and will take action as needed to help keep customers protected.”