Security experts person precocious uncovered a Windows Themes spoofing zero-day vulnerability that allows threat actors to bargain NTLM credentials.
Earlier successful 2024, Microsoft discovered, and patched, CVE-2024-21320 - a akin vulnerability pinch a 6.5 severity people (medium). The spot did not reside nan rumor entirely, and could beryllium bypassed, resulting successful nan find of CVE-2024-38030. Microsoft released nan hole for this spread successful July 2024.
Now, information researchers from Acros Security revealed how, arsenic they were tinkering pinch nan spot for CVE-2024-21320, they recovered “an further lawsuit of nan very aforesaid problem that was still coming connected each afloat updated Windows versions, up to presently nan latest Windows 11 24H2.”
Micropatch available
NTLM (NT LAN Manager) is simply a suite of information protocols utilized for authentication, integrity, and confidentiality successful Windows networks. It’s an older protocol, chiefly replaced by Kerberos successful modern systems, but it is still supported for backward compatibility.
The Register reached retired to Microsoft regarding this discovery, and was told nan OS shaper was looking into it: "We're alert of this study and will return action arsenic needed to thief support customers protected," a Microsoft spokesperson told nan publication.
In nan meantime, 0patch has developed a micropatch that fixes nan issue, truthful those of you who are worried astir nan bug and don’t want to hold for Microsoft, tin instal this 1 successful nan meantime.
"Exploitation of this zero-day is identical to nan erstwhile ones antecedently reported by Akamai," Acros said.
The vulnerability tin beryllium exploited alternatively easily, though it does require immoderate personification interaction, nan researchers explained. "The personification must either transcript nan taxable record (e.g., from an email connection aliases chat) to a files aliases desktop connected their computer, aliases sojourn a malicious web tract that automatically downloads nan record to their Downloads folder. It's not wholly without personification interaction,” they told nan publication.
More from TechRadar Pro
- Major caller malware run hits thousands of WordPress sites
- Here's a database of nan best firewalls today
- These are nan best endpoint protection tools correct now