If you did not receive Windows 11's latest feature update, version 24H2, in its first round of release, you may want to check for updates as Microsoft announced yesterday that it is rolling out to more systems.
On the same day, the team over at 0patch announced that it identified a new Windows vulnerability that allows attackers to steal NTLM credentials using malware. This zero-day security flaw affects all Windows clients, including Windows 11 24H2, and server versions. Microsoft has been made aware of it. 0patch writes:
Our researchers discovered a vulnerability on all Windows Workstation and Server versions from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2022.
The vulnerability allows an attacker to obtain a user's NTLM credentials by simply having the user view a malicious file in Windows Explorer - e.g., by opening a shared folder or USB disk with such a file, or viewing the Downloads folder where such a file was previously automatically downloaded from the attacker's web page.
If you are wondering why Windows Server 2025 is missing from the list, 0patch co-founder Mitja Kolsek says the team is still testing it: the OS is less than a month old and, among other things, ships with NTLM-related enhancements. Kolsek writes:
Windows Server 2025 has only been released this November and is still undergoing compatibility testing. We'll start issuing 0day patches for it when testing is completed (and results satisfactory).
Microsoft itself understands the security drawbacks of NTLM (New Technology LAN Manager). That is why the company has already announced that the protocol is being retired and has recommended that users and organizations move to more secure and modern alternatives.
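Since the leak described above depends on Windows sending an NTLM response to an attacker-controlled server when Explorer renders the file, a defender's first questions are whether outgoing NTLM is restricted and whether outbound SMB to the internet is blocked. The following PowerShell script is an added example, not code from the article or from 0patch; it only reads the standard "Restrict NTLM: Outgoing NTLM traffic to remote servers" policy value and the local firewall rules, and offers an opt-in audit-mode setting. The registry path and value names are the documented Windows policy locations; the firewall rule display name is a placeholder chosen for this example.

```powershell
# Added example (not from the article or 0patch): read-only NTLM hardening
# checks for a single Windows host. Run from an elevated PowerShell prompt.

# Documented policy location for "Network security: Restrict NTLM:
# Outgoing NTLM traffic to remote servers" (0 = allow, 1 = audit, 2 = deny).
$NtlmPolicyKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

function Get-NtlmOutboundPolicy {
    $props = Get-ItemProperty -Path $NtlmPolicyKey -ErrorAction SilentlyContinue
    # A missing value means the policy is "Not Defined", which behaves as 0.
    $raw = if ($props -and $null -ne $props.RestrictSendingNTLMTraffic) {
        [int]$props.RestrictSendingNTLMTraffic
    } else { 0 }

    $meaning = switch ($raw) {
        0 { 'Allow all - NTLM responses may be sent to any remote server' }
        1 { 'Audit all - outgoing NTLM is logged (Event ID 8001) but not blocked' }
        2 { 'Deny all - outgoing NTLM to remote servers is blocked' }
        default { "Unknown value $raw" }
    }
    [pscustomobject]@{ Value = $raw; Meaning = $meaning }
}

function Test-OutboundSmbBlocked {
    # True when an enabled outbound block rule covers TCP port 445.
    $rules = Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True `
                 -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $port = $rule | Get-NetFirewallPortFilter
        if ($port.Protocol -eq 'TCP' -and
            ($port.RemotePort -contains '445' -or $port.RemotePort -contains 'Any')) {
            return $true
        }
    }
    return $false
}

function Enable-NtlmOutboundAudit {
    # Opt-in: switch the policy to audit mode (1) so that every outgoing NTLM
    # authentication is logged without yet breaking legitimate file shares.
    # Review the audit events before moving to 2 (deny).
    Set-ItemProperty -Path $NtlmPolicyKey -Name 'RestrictSendingNTLMTraffic' -Value 1 -Type DWord
}

# Report
$policy = Get-NtlmOutboundPolicy
Write-Host ("Outgoing NTLM policy : {0} ({1})" -f $policy.Value, $policy.Meaning)
Write-Host ("Outbound TCP/445 block rule present : {0}" -f (Test-OutboundSmbBlocked))

if ($policy.Value -eq 0 -and -not (Test-OutboundSmbBlocked)) {
    Write-Warning 'Host will answer NTLM challenges from arbitrary remote servers; consider Enable-NtlmOutboundAudit and an outbound block for TCP 445 to non-intranet addresses.'
    # Example block rule (placeholder name, "Internet" is a built-in address keyword):
    # New-NetFirewallRule -DisplayName 'EXAMPLE Block outbound SMB to Internet' `
    #     -Direction Outbound -Protocol TCP -RemotePort 445 -RemoteAddress Internet -Action Block
}
```

Audit mode is the safe first step on a domain-joined machine: NTLM is still used by plenty of legacy file servers, so moving straight to "Deny all" can break access, while the audit events tell you which servers you would cut off.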
To get access to the micropatch, head over to 0patch Central and register with a free account.