[German]ACROS Security has discovered a vulnerability in Windows that has not yet been closed by an update and allows the disclosure of NTLM hash values via URL. ACROS Security has released an opatch micropatch to fix this vulnerability. Until Microsoft provides an update, the opatch micropatch is available free of charge.
Advertising
Mitja Kolsek pointed out this issue and the opatch solution to me the night before X with the following tweet, which is described in detail in the article URL File NTLM Hash Disclosure Vulnerability (0day) – and Free Micropatches for it.
Security researchers from ACROS Security have recently discovered a vulnerability in all Windows Workstation and Server versions from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2022.
The vulnerability allows an attacker to obtain the user's NTLM credentials. The attacker simply needs to trick the user into viewing a malicious file in Windows Explorer. This can be done, for example, by opening a shared folder or USB disk containing such a file or by viewing the "Downloads" folder where such a file was previously downloaded automatically from the attacker's website.
Details of this vulnerability are being withheld until Microsoft provides a solution to fix the vulnerability. This is intended to minimize the risk of malicious exploitation. The security researchers have reported this problem to Microsoft – a security update is not yet available from Redmond.
Advertising
However, ACROS Security has developed micropatches to mitigate this vulnerability and is making them available for free via the 0patch agent until Microsoft provides an official update.
These micropatches have already been distributed and applied to all affected online computers with 0patch Agent in PRO or Enterprise accounts (unless Enterprise group settings have prevented this).
ACROS Security has written micropatches for the Windows versions listed below and is also making them available in the opatch-free version (until Microsoft releases an official update).
Older Windows versions:
Windows 11 v21H2 – fully updated
Windows 10 v21H2 – fully updated
Windows 10 v21H1 – fully updated
Windows 10 v20H2 – fully updated
Windows 10 v2004 – fully updated
Windows 10 v1909 – Fully updated
Windows 10 v1809 – Fully updated
Windows 10 v1803 – fully updated
Windows 7 – fully updated, without ESU, ESU 1, ESU 2 or ESU 3
Windows Server 2012 – fully updated, no ESU or ESU 1
Windows Server 2012 R2 – fully updated, no ESU or ESU 1
Windows Server 2008 R2 – fully updated, no ESU, ESU 1, ESU 2, ESU 3 or ESU 4
Windows versions that still receive Windows updates:
Windows 11 v24H2 – fully updated
Windows 11 v23H2 – fully updated
Windows 11 v22H2 – fully updated
Windows 10 v22H2 – fully updated
Windows Server 2022 – fully updated
Windows Server 2019 – fully updated
Windows Server 2016 – fully updated
Windows Server 2012 – fully updated with ESU 2
Windows Server 2012 R2 – fully updated with ESU 2
References to 0patch can be found in the blog posts linked below.
Similar articles:
0patch: Fix for Internet Explorer 0-day vulnerability CVE-2020-0674
0patch: Fix for Windows Installer flaw CVE-2020-0683
0patch fix for Windows GDI+ vulnerability CVE-2020-0881
0-day vulnerability in Windows Adobe Type Library
0patch fixes CVE-2020-0687 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1048 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1015 in Windows 7/Server 2008 R2
0patch for 0-day RCE vulnerability in Zoom for Windows
Windows Server 2008 R2: 0patch fixes SIGRed vulnerability
0patch fixes CVE-2020-1113 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1337 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1530 in Windows 7/Server 2008 R2
0patch fixes Zerologon (CVE-2020-1472) vulnerability in Windows Server 2008 R2
0patch fixes CVE-2020-1062 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1300 in Windows 7/Server 2008 R2
0patch fixes 0-day vulnerability in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1013 in Windows 7/Server 2008 R2
0patch fixes a Local Privilege Escalation 0-day in Sysinternals PsExec
0patch fixes Windows Installer 0-day Local Privilege Escalation vulnerability
0patch fixes 0-day in Internet Explorer
0patch fixes CVE-2021-26877 in the DNS server of Windows Server 2008 R2
0patch fixes Windows Installer LPE-Bug (CVE-2021-26415)
0Patch provides support for Windows 10 version 1809 after EOL
Windows 10 V180x: 0Patch fixes IE vulnerability CVE-2021-31959
0Patch Micropatches for PrintNightmare Vulnerability (CVE-2021-34527)
0patch fix for new Windows PrintNightmare 0-day vulnerability (Aug. 5, 2021)
0patch fix for Windows PetitPotam 0-day vulnerability (Aug. 6, 2021)
2nd 0patch fix for Windows PetitPotam 0-day vulnerability (Aug. 19, 2021)
Windows 10: 0patch fix for MSHTML vulnerability (CVE-2021-40444)
0patch fixes LPE Vulnerability (CVE-2021-34484) in Windows User Profile Service
0patch fixes LPE vulnerability (CVE-2021-24084) in Mobile Device Management Service
0patch fixes InstallerTakeOver LPE 0-day vulnerability in Windows
0patch fixes ms-officecmd RCE vulnerability in Windows
0patch fixes RemotePotato0 vulnerability in Windows
0patch fixes again vulnerability CVE-2021-34484 in Windows 10/Server 2019
0Patch fixes vulnerabilities (CVE-2022-26809 and CVE-2022-22019) in Windows
Windows MSDT 0-day vulnerability "DogWalk" receives 0patch fix
0patch fixes all known and exploitable Windows NTLM/Kerberos vulnerabilities
0patch fixes Memory Corruption vulnerability (CVE-2022-35742) in Microsoft Outlook 2010
Windows 7/Server 2008 R2 receive 0patch micropatches in 2023 and 2024
Windows: 0Patch Micropatch for MOTOW ZIP file bug (0-day, no CVE)
Windows: 0Patch micropatch for MotW bypassing 0-day (no CVE)
0patch Micropatches for Microsoft Office security feature bypass (CVE-2023-33150)
Windows Server 2012: Unofficial 0patch fix for MoW 0-day vulnerability
Advertising
