New Windows zero-day leaks NTLM hashes, gets unofficial patch
Published on: 2025-05-31 05:22:38
Free unofficial patches are available for a new Windows zero-day vulnerability that can let remote attackers steal NTLM credentials by tricking targets into viewing malicious files in Windows Explorer.
NTLM has been widely exploited in NTLM relay attacks (where threat actors force vulnerable network devices to authenticate to attacker-controlled servers) and pass-the-hash attacks (where they exploit vulnerabilities to steal NTLM hashes, which are hashed passwords).
Attackers then use the stolen hash to authenticate as the compromised user, gaining access to sensitive data and spreading laterally on the network. Last year, Microsoft announced plans to retire the NTLM authentication protocol in future Windows 11 versions.
ACROS Security researchers discovered the new SCF File NTLM hash disclosure vulnerability while developing patches for another NTLM hash disclosure issue. This new zero-day hasn't been assigned a CVE-ID and affects all versions of Windows, from Windows 7 up to the la
... Read full article.