Micro-patching service 0Patch has disclosed a new 0-day vulnerability that affects all recent client and server versions of the Windows operating system.
A successful exploit gives the attacker access to a user's credentials. All that is required is that the user opens a folder on Windows that contains a malicious file.
0Patch releases micro-patches for security issues. It supports various Windows and Office versions, including ones that Microsoft no longer supports officially.
The company released a patch in February for a vulnerability that Microsoft did not consider worthy of a patch.
0Patch reveals in a blog post that the issue affects Windows 7 to Windows 11 version 24H2, and Windows Server 2008 R2 to Server 2022. Windows Server 2025 is likely also affected, but 0Patch is still testing it, as it was only released in November 2024.
The company writes:
Our researchers discovered a vulnerability on all Windows Workstation and Server versions from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2022. The vulnerability allows an attacker to obtain a user's NTLM credentials by simply having the user view a malicious file in Windows Explorer – e.g., by opening a shared folder or USB disk with such a file, or viewing the Downloads folder where such a file was previously automatically downloaded from the attacker's web page.
Good to know: NTLM, which stands for New Technology LAN Manager, is a set of authentication protocols used by Microsoft in all recent versions of Windows.
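The class of bug described above works because Windows will, under certain conditions, authenticate to a remote host with NTLM without the user doing anything beyond viewing a file. A general hardening step for that class is Microsoft's "Restrict NTLM: Outgoing NTLM traffic to remote servers" policy, which is stored as a registry value under the Lsa\MSV1_0 key. The script below is an added example written for this article, not code from 0Patch or from the original post; it reads the current setting and lets an administrator switch it to audit or deny mode. Whether this policy blocks the specific issue 0Patch reported is not stated on the page and is not claimed here; the function and variable names are the example's own.

```powershell
# Added example (not from the article or 0Patch): inspect and optionally tighten
# outbound NTLM authentication on a Windows host.
# The value below corresponds to the policy
# "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers":
#   0 = allow all, 1 = audit all, 2 = deny all.
# It is a general defence against NTLM credential leakage; the page does not say
# whether it covers the 0Patch-reported issue, so treat that as an assumption.

$lsaPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$valueName = 'RestrictSendingNTLMTraffic'

function Get-OutboundNtlmPolicy {
    # Returns a human-readable description of the current outbound NTLM policy.
    $item = Get-ItemProperty -Path $lsaPath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'not configured (outbound NTLM allowed)' }
    switch ($item.$valueName) {
        0       { 'allow all' }
        1       { 'audit all' }
        2       { 'deny all' }
        default { "unknown value $($item.$valueName)" }
    }
}

function Set-OutboundNtlmPolicy {
    # Requires an elevated prompt. Start with 1 (audit) and review the
    # Event ID 8001 entries in the Microsoft-Windows-NTLM/Operational log
    # before moving to 2, otherwise legitimate NTLM-only logons will break.
    param([ValidateSet(0, 1, 2)][int]$Mode)
    New-ItemProperty -Path $lsaPath -Name $valueName -PropertyType DWord `
        -Value $Mode -Force | Out-Null
}

function Get-OutboundNtlmAuditEvents {
    # Lists recent outbound NTLM audit events so the operator can see which
    # remote servers the host is authenticating to before tightening to deny.
    param([int]$Newest = 20)
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-NTLM/Operational'; Id = 8001 } `
        -MaxEvents $Newest -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Message
}

"Current outbound NTLM policy: $(Get-OutboundNtlmPolicy)"
```

Run `Set-OutboundNtlmPolicy -Mode 1` first, let the host operate for a while, then inspect `Get-OutboundNtlmAudit-Events` output; only move to `-Mode 2` once every NTLM target listed there is either known-good or has been moved to Kerberos, since deny mode is enforced for all remote servers, not only untrusted ones.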
0Patch says that it has reported the vulnerability to Microsoft and that it is withholding information about the issue until it is fixed by Microsoft.
It is the third 0-day vulnerability that 0Patch reported to Microsoft recently. The previous two, a Windows theme file issue and a Mark of the Web issue, have not been fixed by Microsoft according to 0Patch.
Micro-patches are available for all three 0-day vulnerabilities. 0Patch subscribers should get them automatically, provided that they run the 0Patch application on their Windows devices.
As per the usual terms, the company is providing the micro-patches to free users as well, as Microsoft has not yet released an official patch to protect devices against potential attacks.
Additional information about the issue is available on the linked website.
Good news to hear someone patched the exploit; however, how does the “malicious file” get on the system? Would I have to download an infected program? Which one(s) may be carriers?
“All that is required for that is that the user opens a folder on Windows that contains a malicious file.”
Downloads are a possibility. You download the infected file from a website. Other distribution methods are possible, e.g., via email.