Source URL: https://www.theregister.com/2024/12/06/opatch_zeroday_microsoft/
Source: The Register
Title: Micropatchers share 1-instruction fix for NTLM hash leak flaw in Windows 7+
Feedly Summary: Microsoft’s OS sure loves throwing your creds at remote systems
Acros Security claims to have found an unpatched bug in Microsoft Windows 7 and onward that can be exploited to steal users’ OS account credentials.…
AI Summary and Description: Yes
Summary: Acros Security has identified an unpatched NTLM vulnerability affecting Microsoft Windows 7 and later versions, which can be exploited to steal users’ OS account credentials. This issue highlights the importance of micropatching as a security measure and raises concerns over support for aging operating systems, which may not receive timely official fixes.
Detailed Description: The report discusses a newly discovered security vulnerability that poses a risk to users of various versions of Microsoft Windows. Acros Security, a firm specializing in finding and issuing micropatches for flaws in software, details the nature of the vulnerability, which exploits the NTLM (NT LAN Manager) authentication protocol. Key highlights include:
– **Affected Systems**: The flaw impacts all Windows operating systems from Windows 7 and Server 2008 R2 up to the latest Windows 11 version 24H2 and Server 2022.
– **Nature of the Vulnerability**: Users can have their NTLM hashes leaked by viewing a specially crafted malicious file in Windows Explorer, which could be accessed via shared folders, USB drives, or the Downloads folder.
– **Threat Level**: As of the report, there are no known active attacks exploiting this vulnerability, and Acros will not disclose further technical details until necessary to maintain user safety.
– **Mitigation Strategy**: Acros is preparing a micropatch, which is a temporary fix targeting the specific vulnerability, set to be available free of charge until Microsoft releases an official patch. Micropatching has emerged as a valuable tool for organizations preferring more direct solutions over waiting for official updates.
– **Industry Context**: The report notes that many IT managers may turn to micropatching in the wake of Windows 10’s impending retirement, especially if Microsoft does not offer timely patches for security vulnerabilities.
– **Extended Support Offerings**: Microsoft is selling extended support for Windows 10 as the end of its mainstream support approaches. Options include a single-year support package available to individual users and a progressive pricing model for enterprise clients.
Overall, this incident underscores the ongoing challenges organizations face in maintaining security on legacy systems and the potential benefits of micropatching as a proactive security measure.