Windows Themes zero-day bug exposes users to NTLM credential theft
A zero-day vulnerability in Windows Themes, CVE-2024-38030, allows NTLM credential theft through malicious theme files. Acros Security offers a micropatch, while Microsoft has not announced an official fix timeline.
A newly discovered zero-day vulnerability in Windows Themes allows attackers to steal NTLM credentials, which are used for network authentication. This flaw, identified as CVE-2024-38030, enables exploitation through malicious theme files that can be sent via email or downloaded from compromised websites. Users need to interact with the file, either by copying it or visiting a malicious site, to trigger the vulnerability. Acros Security has developed a free micropatch to mitigate the risk, while Microsoft has not yet provided a timeline for an official fix. The issue is a continuation of problems related to NTLM credential leaks, which Microsoft attempted to address in a previous patch (CVE-2024-21320) earlier this year. Acros Security's CEO noted that the vulnerability persists across all updated Windows versions, including Windows 11 24H2. The company has reported the flaw to Microsoft and is withholding further details until a patch is released.
- A zero-day vulnerability in Windows Themes allows NTLM credential theft.
- Users must interact with malicious theme files for the exploit to work.
- Acros Security has released a free micropatch to address the issue.
- Microsoft has not yet provided a timeline for an official fix.
- The vulnerability affects all updated versions of Windows, including Windows 11.
Related
Hackers bypass Windows SmartScreen flaw to launch malware
Cybercriminals are exploiting a Microsoft Defender vulnerability (CVE-2024-21412) to install malware undetected. Many systems remain unpatched, making them vulnerable. Users should update Windows and be cautious with email attachments.
About that Windows Installer 'make me admin' security hole. How it's exploited
Microsoft patched a critical Windows Installer vulnerability, CVE-2024-38014, allowing privilege escalation. SEC Consult released a tool to identify vulnerable files, urging users to apply the patch promptly.
Microsoft Says Windows Update Zero-Day Being Exploited to Undo Security Fixes
Microsoft warns of a critical vulnerability, CVE-2024-43491, in Windows 10, version 1507, exploited to reverse security fixes. Users should install specific updates. Adobe also issued patches for critical flaws.
Exploit Released for New Windows Server "WinReg" NTLM Relay Attack
A proof-of-concept exploit for Microsoft's CVE-2024-43532 vulnerability allows NTLM relay attacks, affecting Windows Server 2008-2022 and Windows 10/11, with detection methods recommended by researchers.
New Windows Driver Signature bypass allows kernel rootkit installs
A new vulnerability allows attackers to bypass Windows Driver Signature Enforcement, downgrading kernel components on patched systems. The Windows Downdate tool facilitates this, highlighting the need for improved endpoint security.