
Another unofficial NTLM security patch out for Windows 11 24H2, Server 2025, and Windows 10


Back in December 2024, 0patch had issued an unofficial patch for an NTLM-related vulnerability. A CVE (Common Vulnerabilities and Exposures) ID was later issued for it in February 2025 by Microsoft as CVE-2025-21377.

A similar NTLM flaw has again been discovered, and 0patch has issued new micropatches for the same. About the new vulnerability, the 0patch team explains:

While patching a SCF File NTLM hash disclosure issue on our security-adopted Windows versions, our researchers discovered a related vulnerability on all Windows Workstation and Server versions from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2025.

The vulnerability allows an attacker to obtain a user's NTLM credentials by having the user view a malicious file in Windows Explorer - e.g., by opening a shared folder or USB disk containing such a file, or by viewing the Downloads folder where such a file was previously automatically downloaded from the attacker's web page.

As you can see, this new zero-day affects almost all versions of Windows, including Windows Server 2025, which was not initially included in the list of affected Windows versions last time. The firm notes:

Micropatches were written for:

Legacy Windows versions:

  • Windows 11 v21H2 - fully updated
  • Windows 10 v21H2 - fully updated
  • Windows 10 v21H1 - fully updated
  • Windows 10 v20H2 - fully updated
  • Windows 10 v2004 - fully updated
  • Windows 10 v1909 - fully updated
  • Windows 10 v1809 - fully updated
  • Windows 10 v1803 - fully updated
  • Windows 7 - fully updated with no ESU, ESU 1, ESU 2 or ESU 3
  • Windows Server 2012 - fully updated with no ESU or ESU 1
  • Windows Server 2012 R2 - fully updated with no ESU or ESU 1
  • Windows Server 2008 R2 - fully updated with no ESU, ESU 1, ESU 2, ESU 3 or ESU 4

Windows versions still receiving Windows Updates:

  • Windows 11 v24H2 - fully updated
  • Windows 11 v23H2 - fully updated
  • Windows 11 v22H2 - fully updated
  • Windows 10 v22H2 - fully updated
  • Windows Server 2025 - fully updated
  • Windows Server 2022 - fully updated
  • Windows Server 2019 - fully updated
  • Windows Server 2016 - fully updated
  • Windows Server 2012 - fully updated with ESU 2
  • Windows Server 2012 R2 - fully updated with ESU 2

Microsoft itself understands the security drawbacks of NTLM (New Technology LAN Manager). That is also why the company has already announced that the protocol is being retired and has recommended that users and organizations move to more secure, modern alternatives.

To get access to the patch, head over to 0patch Central at this link and register for a free account.
