Nice NTLM Hash You Got There, Shame If Someone Was To Grab It
Happy Friday, happy new Windows 0-day exploit. Today it is researchers from 0patch who discovered a way to ruin your day. This particular flaw will work on any system running Windows 7 and Server 2008 R2 straight up to current Windows 11 24H2 and Server 2022 systems. It takes advantage of a yet undisclosed flaw and if a user can be convinced to download a file, not a terribly difficult achievement, simply having that file listed in an Explorer window is enough to trigger the exploit. The file is specially crafted to cause the machine to try to connect to a remote share and to do so it sends the users NTLM hash to the attacker. Once they have that hash they can crack it at their leisure and will eventually have your password in plain text to use for nefarious purposes.
There is currently no official patch, but 0patch does offer an unofficial one that will protect you, if you are willing to give it a go. This flaw is the third recently discovered by 0patch which Microsoft have not yet released an official fix for. Those were a Mark of the Web (MotW) bypass on Windows Server 2012 found last month, made known late last month, and a Windows Themes vulnerability from back in October. 0patch offers unofficial patches for both, if you are curious you can see how to get your hands on those patches at Bleeping Computer.