Windows Themes 0-day opens door to NTLM credential theft
Briefly

"While analyzing the issue, our security researchers decided to look around a bit and found an additional instance of the very same problem that was still present on all fully updated Windows versions, up to currently the latest Windows 11 24H2."
"When we learned about this second flaw, we had to fix our patches for CVE-2024-21320 as well."
"We're aware of this report and will take action as needed to help keep customers protected," a Microsoft spokesperson told us via email.
"Exploitation of this zero-day is identical to the previous ones previously reported, allowing attackers to send authenticated network requests containing a user's NTLM credentials."
Read at The Register