Windows Users Urged to Act Amid New Zero-Day Threat Targeting NTLM Credentials
A fresh zero-day vulnerability affecting a wide range of Windows operating systems—from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2025—has been confirmed, leaving millions of users potentially exposed to credential theft. With no official patch from Microsoft in sight, cybersecurity experts are urging immediate action to mitigate the risk.
Unconfirmed Vulnerability Leaves Passwords at Risk
The vulnerability, revealed via a private message on the X social media platform by Mitja Kolsek, CEO of ACROS Security, allows attackers to capture NTLM credentials by tricking users into viewing a malicious file in Windows Explorer. NTLM, a suite of Microsoft security protocols designed to safeguard authentication, integrity, and confidentiality, is a long-standing target for attackers looking to bypass authentication measures and execute pass-the-hash attacks.
“While these types of vulnerabilities are not classified as critical, they have been used in real-world attacks,” Kolsek explained. “Their exploitability depends on several factors, but any exploit enabling the theft of NTLM credentials is one too many.” The exact technical details of the vulnerability remain under wraps, pending an official fix from Microsoft.
A History of Zero-Day Exploits
This recent zero-day is the latest in a series of similar threats. Just weeks after Microsoft acknowledged six zero-day attacks targeting Windows systems, this fresh vulnerability has added to growing concerns about the resilience of consumer and enterprise systems alike. Though reminiscent of a similar Windows zero-day reported on December 6, 2024, Kolsek stressed that the new vulnerability, while similar in impact and attack vectors, is distinct and yet to be publicly discussed in full technical detail.
A Temporary Patch from 0patch
In response to the immediate threat, ACROS Security has released a free micropatch via its 0patch service. This patch offers a temporary safeguard by dynamically analyzing processes and applying a fix in memory without disrupting system operations. “Since this is a 0-day vulnerability with no official vendor fix available,” Kolsek said, “we are providing our micropatches for free until such a fix becomes available.”
A Microsoft spokesperson acknowledged the report, stating, “We are aware of this report and will take action as needed to help keep customers protected.” However, an official patch from the company is not expected until the next scheduled Patch Tuesday.
Recommendations for Windows Users
Experts advise Windows users to install the temporary 0patch solution immediately as a stopgap measure. Users are reminded to exercise caution when viewing files, especially from untrusted sources, and to remain vigilant about any unusual system behavior.
As Microsoft investigates and works on an official patch, the situation underscores the challenges in protecting systems against rapidly evolving threats. With the stakes as high as the potential exposure of critical authentication credentials, taking proactive measures remains essential for safeguarding personal and enterprise data.
For now, users are advised not to delay and to implement the temporary fixes available until a comprehensive solution is provided by Microsoft.