Unofficial Fixes for Novel NTLM Hash-Exposing Zero-Day Issued
Microsoft has acknowledged the findings and disclosed ongoing evaluations for a potential fix for the bug.
ACROS Security has released unofficial patches for a novel Windows SCF File NTLM hash disclosure zero-day flaw, which could be leveraged to facilitate the compromise of NTLM credentials.
According to BleepingComputer, all Windows and Windows Server versions - since Windows 7 and Server 2008 R2 - are affected by the vulnerability, which was identified amid the development of fixes for a separate NTLM hash disclosure bug.
ACROS Security CEO Mitja Kolsek said: "Note that while these types of vulnerabilities are not critical and their exploitability depends on several factors (e.g., the attacker either already being in the victim's network or having an external target like a public-facing Exchange server to relay the stolen credentials to), they have been found to be used in actual attacks."
Microsoft has acknowledged the findings and disclosed ongoing evaluations for a potential fix for the bug.Upcoming Events
Related content
Claude Mythos: What CISOs Should Know
Iran and the New CNI Threat
Vulnerability Management and the AI Challenge
Identity-Based Attacks: The Threat and How to Mitigate It
Report: UK cyberattacks grow faster than global rate
Novel CyberStrikeAI tool exploited in attacks
Industry urges reform to retain women in tech
Confirm cancellation
An error occurred trying to play the stream. Please reload the page and try again.
CloseSign up benefits
Registering with SC Media is 100% free. Join tens of thousands of cybersecurity leaders today and gain access to the latest analysis shaping the global infosec agenda.
- Weekly newsletters featuring industry-leading insight
- Access to free cyber expert webinars and videos
- Privileged viewership of special reports, such as the Annual Cyber Salary Survey and Women of Influence