
Recently, a significant zero-day vulnerability has come to light within Microsoft's NTLM (New Technology LAN Manager) security protocol, affecting a wide range of Windows operating systems. Identified by the micropatching service, 0patch, this flaw poses a serious threat as it enables attackers to steal user credentials simply by having victims view specially crafted files within Windows Explorer.
The vulnerability impacts all versions of Windows Server and Workstation from as far back as Windows 7 and Server 2008 R2, extending to the most recent updates of Windows 11 and Server 2022. Currently, Microsoft has not issued an official fix for this issue, which further intensifies concerns about the security of its operating systems.
On December 11, Microsoft announced 71 security updates during its Patch Tuesday release, aimed at addressing various vulnerabilities. However, the critical zero-day flaw linked to NTLM was not among the vulnerabilities resolved in this update, despite its serious implications and active exploitation in the wild.
Over the course of 2024, Microsoft has addressed a total of 1,020 security vulnerabilities, the second-highest number on record for the company, second only to the 1,250 vulnerabilities patched in 2020.
The root of the NTLM vulnerability lies in its outdated and insecure design, which has long been recognized as a weak point in Windows security. Attackers can exploit this flaw by forcing users to open malicious files, whether through shared folders or infected USB drives, resulting in compromised user credentials.
In response to this serious oversight, 0patch has implemented a temporary "micropatch." This solution is a quick and lightweight binary modification that can be deployed without requiring a system restart, allowing users to safeguard their systems while awaiting a comprehensive solution from Microsoft. Users can utilize this micropatch for free until Microsoft releases an official fix.
Notably, around 40% of 0patch's user base is currently leveraging these micropatches to protect their systems against vulnerabilities that Microsoft has opted not to remediate. Additionally, 0patch continually provides updates for legacy systems, such as Windows 7, and plans to maintain security support for Windows 10 for five additional years beyond the end of its official support.
For more details, refer to the original report by 0patch and Microsoft's Patch Tuesday guidelines.