According to Acros, this latest flaw affects all systems from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2022.
"The vulnerability allows an attacker to obtain user's NTLM credentials by simply having the user view a malicious file in Windows Explorer," said CEO Mitja Kolsek.
Acros, which develops unofficial 'micropatches' to close holes in software that vendors won't address, claims to have found an unpatched bug in Microsoft Windows.
Leaked NTLM credential hashes can be used to authenticate as users or cracked to reveal their plaintext passwords, potentially.
Collection
[
|
...
]