Our researchers discovered a vulnerability on all Windows Workstation and Server versions from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2022. The vulnerability allows an attacker to obtain user’s NTLM credentials by simply having the user view a malicious file in Windows Explorer – e.g., by opening a shared folder or USB disk with such file, or viewing the Downloads folder where such file was previously automatically downloaded from attacker’s web page.
We reported this issue to Microsoft, and – as usual – issued micropatches for it that will remain free until Microsoft has provided an official fix…
Since this is a “0day” vulnerability with no official vendor fix available, we are providing our micropatches for free until such fix becomes available.
Micropatches were written for:
Legacy Windows versions:
Windows 11 v21H2 – fully updated
Windows 10 v21H2 – fully updated
Windows 10 v21H1 – fully updated
Windows 10 v20H2 – fully updated
Windows 10 v2004 – fully updated
Windows 10 v1909 – fully updated
Windows 10 v1809 – fully updated
Windows 10 v1803 – fully updated
Windows 7 – fully updated with no ESU, ESU 1, ESU 2 or ESU 3
Windows Server 2012 – fully updated with no ESU or ESU 1
Windows Server 2012 R2 – fully updated with no ESU or ESU 1
Windows Server 2008 R2 – fully updated with no ESU, ESU 1, ESU 2, ESU 3 or ESU 4..Windows versions still receiving Windows Updates:
Windows 11 v24H2 – fully updated
Windows 11 v23H2 – fully updated
Windows 11 v22H2 – fully updated
Windows 10 v22H2 – fully updated
Windows Server 2022 – fully updated
Windows Server 2019 – fully updated
Windows Server 2016 – fully updated
Windows Server 2012 fully updated with ESU 2
Windows Server 2012 R2 fully updated with ESU 2…
* Windows 10 Pro 22H2
