Microsoft NTLM Zero-Day Looms Large: Unpatched and Dangerous

Microsoft NTLM Zero-Day: Unpatched Windows flaw risks credential theft. Protect your systems now.
Matilda
A second zero-day vulnerability has been discovered in Microsoft's NTLM protocol, potentially enabling attackers to steal user credentials. Microsoft has recently released updated guidance to mitigate NTLM relay attacks, but a critical zero-day vulnerability in all versions of Windows, from Windows 7 to Windows 11, remains unpatched. This flaw could allow attackers to steal user credentials through simple actions like opening a shared folder or a malicious file.

The NTLM Zero-Day Threat

Researchers at ACROS Security discovered this vulnerability, which enables attackers to capture NTLM hashes by tricking users into opening malicious files. While Microsoft has classified the vulnerability as "Important," it's crucial to note that it won't be patched until April 2025.

Mitigating NTLM Risks

To protect your organization from NTLM-based attacks, consider the following steps:

Enable Extended Protection for Authentication (EPA): This security measure strengthens authenticatio…