Free unofficial fixes are now available for a new zero-day flaw in Windows Themes that allows hackers to remotely harvest a target’s NTLM credentials.
NTLM has been extensively exploited in NTLM relay attacks, in which threat actors force susceptible network devices to authenticate against servers under their control, and in pass-the-hash attacks, in which attackers exploit system vulnerabilities or deploy malicious software to steal NTLM hashes (hash passwords) from target systems.
Once they acquire the hash, the attackers can impersonate the affected user, gaining access to sensitive data and expanding laterally throughout the now-compromised network. Microsoft indicated a year ago that it will drop the NTLM authentication technology in Windows 11.
ACROS security experts uncovered the new Windows Themes zero-day (which has yet to be assigned a CVE ID) while working on a micropatch for a flaw tracked as CVE-2024-38030 that might reveal a user’s credentials (reported by Akamai’s Tomer Peled), which was itself a workaround for another Windows Themes spoofing vulnerability (CVE-2024-21320)
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: