New Windows zero-day leaks NTLM hashes, gets unofficial patch www.bleepingcomputer.com/news/secu…

Free unofficial patches are available for a new Windows zero-day vulnerability that can let remote attackers steal NTLM credentials by tricking targets into viewing malicious files in Windows Explorer.

NTLM has been widely exploited in NTLM relay attacks (where threat actors force vulnerable network devices to authenticate to attacker-controlled servers) and pass-the-hash attacks (where they exploit vulnerabilities to steal NTLM hashes, which are hashed passwords).

Attackers then use the stolen hash to authenticate as the compromised user, gaining access to sensitive data and spreading laterally on the network. Last year, Microsoft announced plans to retire the NTLM authentication protocol in future Windows 11 versions.