TechSpot means tech analysis and advice you can trust.
Facepalm: While cyber-criminals are quick to exploit dangerous security flaws, Microsoft is often very slow with its patching work. Third-party services like 0patch can now provide an alternative way to secure Windows workstations, especially those running outdated versions of Windows.
Researchers at 0patch discovered a new zero-day vulnerability in Microsoft's NTLM technology, a security flaw that could easily compromise user credentials. The bug affects all Windows Server and Workstation versions from Windows 7 and Server 2008 R2 to the latest, fully updated Windows 11 24H2 and Server 2022. Microsoft has yet to provide an official fix for the issue.
The vulnerability allows attackers to steal NTLM credentials by forcing users to view a specially designed file in Windows Explorer. The researchers explained that vulnerable systems can be compromised by just opening a shared folder or a USB disk drive or viewing a malicious file previously downloaded from a web browser.
The New Technology LAN Manager (NTLM) is an ancient and very insecure suite of protocols employed by Windows systems to provide user authentication and confidentiality. Researchers warn that NTLM passwords are weak: the hashes leaked during an NTLM exchange can be brute-forced quickly with modern hardware that excels at number-crunching tasks.
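The common thread in the Explorer-triggered NTLM leaks described above is that Windows will silently start an outgoing NTLM exchange with whatever remote host a file points at. Until a vendor patch exists, a defender's first question is whether that outgoing traffic is unrestricted on a given host and whether anything has been trying to trigger it. The read-only audit script below is an added example for this article; it is not code from TechSpot or from 0patch. It assumes an elevated PowerShell session and uses the standard Windows policy value `RestrictSendingNTLMTraffic` (the registry backing for "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers") and the standard `Microsoft-Windows-NTLM/Operational` log, neither of which is specific to the flaw reported here.

```powershell
# Added example (not from the article or from 0patch): audit the local
# outgoing-NTLM policy and list recent NTLM audit events. Read-only.
# Assumes: elevated session; standard Windows registry value and log names.

$lsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$valueName = 'RestrictSendingNTLMTraffic'   # 0 = allow all, 1 = audit all, 2 = deny all

$current = (Get-ItemProperty -Path $lsaKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
if ($null -eq $current) { $current = 0 }    # an absent value means the default: allow

switch ($current) {
    0 { Write-Warning "Outgoing NTLM to remote servers is unrestricted; a file-triggered NTLM leak would complete normally." }
    1 { Write-Output  "Outgoing NTLM is in audit mode; events 8001 below show what 'deny' would have blocked." }
    2 { Write-Output  "Outgoing NTLM to remote servers is denied; Explorer-triggered NTLM to an unexpected host would be refused." }
}

# Event 8001 is written when outgoing NTLM authentication would be blocked
# (in audit mode) or was blocked (in deny mode). Pull the last 7 days.
$since  = (Get-Date).AddDays(-7)
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-NTLM/Operational'
    Id        = 8001
    StartTime = $since
} -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output "No outgoing-NTLM audit events (8001) in the last 7 days."
    return
}

# Show when each audited exchange happened and the full message, which names
# the target server and the client process that initiated the exchange.
$events |
    Sort-Object TimeCreated -Descending |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

Run it once with the policy at its default to get a baseline, then again after switching the policy to audit mode (value 1) for a few days; the 8001 events will show which internal servers still legitimately rely on NTLM, which is what you need to know before moving to deny (value 2), since denying outgoing NTLM outright breaks access to NTLM-only file servers and appliances. Blocking outbound TCP 445 at the perimeter is the usual companion control, because most of these leaks need the victim to reach an attacker-controlled SMB endpoint on the internet.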
The analysts reported the newly discovered issue to Microsoft as usual, but they also released a "micropatch" so the company's customers can quickly and transparently close the hole. Patches issued by 0patch are tiny binary modifications applied to processes running in memory, so they don't require a process or OS restart.
The micropatch for the NTLM zero-day flaw will remain free until Microsoft has provided an official fix. This is the third zero-day vulnerability 0patch has recently found and reported to Microsoft, and Redmond has ignored them all. There are also three other previously disclosed NTLM-related flaws that Microsoft has not fixed, for which 0patch currently offers free updates.
The company said that 40 percent of its users are presently using 0patch to protect their systems against flaws in the "won't fix" category, while other users are installing these micropatches on their legacy Windows systems and Office releases. 0patch still offers security support for Windows 7 and will provide five extra years of security patches for Windows 10 after October 2025.