In a startling revelation for Windows users, another 0-day vulnerability has been confirmed, leaving millions at increased risk. Just weeks after six zero-day exploits were acknowledged by Microsoft, this latest threat affects all versions of Windows Workstation and Server, ranging from Windows 7 and Server 2008 R2 all the way to the latest Windows 11 v24H2 and Server 2025. Unfortunately, there is currently no patch available from Microsoft for this alarming security flaw.

The Danger of the Vulnerability

What makes this vulnerability particularly dangerous? Cybercriminals could exploit it to steal user passwords and bypass critical authentication protections. According to cybersecurity expert Mitja Kolsek, CEO of ACROS Security, the breach allows attackers to gain access to users' NTLM credentials simply by tricking them into viewing a malicious file in Windows Explorer.

Background and Comparison

This vulnerability, while still fresh and lacking a formal designation, is especially concerning due to its potential for misuse. Kolsek's team has reported this issue to Microsoft and is withholding detailed information until an official remedy is released. This isn't the first time users have encountered such a threat—in fact, Kolsek noted similarities with a previously reported zero-day vulnerability from December 2024, showcasing an ongoing trend of disruptions targeting Windows users.

What are NTLM Protocols?

NT Lan Manager (NTLM) protocols are at the heart of this vulnerability, providing essential authentication and integrity for user credentials. Kolsek indicated that while such vulnerabilities are not classified as critical, they have been used in real-world attacks in the past. With techniques like relay attacks to bypass security and pass-the-hash attacks that enable credential theft, the dangers are very real.

Recommended Actions

As Microsoft investigates and prepares to respond, immediate action is recommended. In the wake of this new threat, Kolsek’s company has a temporary solution: they offer micropatches to address this vulnerability gap. Typically, these micropatches function by applying fixes in memory without disrupting ongoing processes, allowing users to maintain protections in the interim.

Use 0patch for Temporary Protection

For Windows users eager to safeguard their systems, taking advantage of 0patch is highly advisable until Microsoft rolls out a definitive fix.

Related Threats

In a related development, Kaspersky’s Global Research and Analysis Team has also identified another severe exploit affecting Windows users, which requires no user interaction other than clicking a link in a phishing message. This exploit leverages an issue in Chrome’s Mojo function and has already triggered a wave of infections. Dubbed Operation ForumTroll, this malicious campaign targets various sectors—including media, educational institutions, and government bodies—underscoring the extensive range of operations threatening users today.

Conclusion

With the ever-evolving landscape of cybersecurity threats, it’s clear: vigilance and prompt action are more critical than ever. If you’re a Windows user, stay informed, stay protected, and be proactive in implementing these temporary solutions while waiting for an official fix!