A serious zero-day vulnerability has been identified that affects all versions of Windows, including Windows 7, Server 2008 R2, and the latest Windows 11 24H2 and Server 2022. It allows attackers to steal users’ NTLM (New Technology LAN Manager) credentials simply through a malicious file.
The security research team at 0patch discovered the vulnerability and reports that it can be exploited when a user views a malicious file in Windows Explorer. Common scenarios include opening a shared folder or USB drive, or accessing the Downloads folder, when it contains such a file. This is particularly concerning because even the most recent version, Windows 11 24H2, is affected. Although Microsoft has been informed of the issue, an official patch has not yet been made available.
In response to this threat, 0patch has released an unofficial patch to help mitigate the risk. 0patch is also testing a patch for Windows Server 2025, the latest version, which Microsoft released in November.
To protect themselves from potential credential theft, Windows users are advised to apply the unofficial patch provided by 0patch. To obtain the patch, users can visit 0patch Central and register for a free account.