Zero-Day Bug in Windows Themes Enables NTLM Credential Theft

A zero-day vulnerability in Windows Themes enables attackers to steal NTLM credentials. Acros Security’s 0patch has released a free micropatch for the flaw, so users can protect themselves without waiting for an official Microsoft fix. Microsoft has acknowledged the vulnerability but has not provided a timeline for its patch. The issue, related to New Technology LAN Manager (NTLM) authentication protocols, was initially thought to be resolved by the patch for CVE-2024-21320. However, Akamai’s Tomer Peled discovered that attackers could bypass that patch with crafted theme files, leading to CVE-2024-38030, which Microsoft addressed in July. Acros Security then identified an additional vulnerability in the same area that affects all current Windows versions, including Windows 11 24H2. Acros has shared the zero-day’s details only with Microsoft but has provided a demonstration of its micropatch. Exploitation requires minimal user interaction, such as copying or downloading the malicious theme file. For full protection, users should apply the 0patch micropatch immediately.
