InfoSecBulletin Cybersecurity for mankind
A newly found zero-day vulnerability lets attackers steal NTLM credentials by manipulating targets into opening a malicious file in Windows Explorer.
The 0patch team found a flaw and reported it to Microsoft, but no official fix has been released yet.
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day
Hacker exploited Samsung MagicINFO 9 Server RCE flaw
CISA adds Langflow flaw to its KEV catalog
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
UAP hosted “UAP Cyber Siege 2025”, A national level cybersecurity competition
0patch reports that the issue affects all Windows versions from Windows 7 and Server 2008 R2 up to Windows 11 24H2 and Server 2022, but it currently has no CVE ID.
0patch has not revealed the technical details of the vulnerability until Microsoft issues an official fix to avoid encouraging exploitation.
The researchers noted that the attack occurs just by viewing a specially crafted malicious file in File Explorer, without needing to open it.
“The vulnerability allows an attacker to obtain [the] user’s NTLM credentials by simply having the user view a malicious file in Windows Explorer – e.g., by opening a shared folder or USB disk with such file, or viewing the Downloads folder where such file was previously automatically downloaded from attacker’s web page,” explains 0patch.
0patch is offering a free micropatch for the recent NTLM zero-day to all registered users until Microsoft releases an official fix.
To get the unofficial patch, create a free account on 0patch Central, start a free trial, and install the agent. It will automatically apply the necessary micropatches without needing a reboot.
