All Windows 11, 10, Server versions affected by a new zero day, unofficial patch out


If you didn't get Windows 11's latest feature update, version 24H2, in its first round of release, you may want to check for updates, as Microsoft announced yesterday that it is rolling out to more systems.

On the same day, the team over at 0patch announced that it identified a new Windows vulnerability that allows attackers to steal NTLM credentials using malware. This zero-day security flaw affects all Windows clients, including Windows 11 24H2, and server versions. Microsoft has been made aware of it. 0patch writes:

Our researchers discovered a vulnerability on all Windows Workstation and Server versions from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2022.

The vulnerability allows an attacker to obtain user's NTLM credentials by simply having the user view a malicious file in Windows Explorer – e.g., by opening a shared folder or USB disk with such file, or viewing the Downloads folder where such file was previously automatically downloaded from attacker's web page.

In case you are questioning why Home windows Server 2025 is lacking from the listing, 0patch co-founder, Mitja Kolsek, says that the group remains to be testing it as it’s nonetheless lower than a month outdated and it additionally has NTLM-related enhancements, amongst different issues. Kolesk writes:

Windows Server 2025 has only been released this November and is still undergoing compatibility testing. We'll start issuing 0day patches for it when testing is completed (and results satisfactory)

Microsoft itself understands the drawbacks of NTLM, or New Technology LAN Manager, when it comes to security. It is also why the company has already announced the death of the feature and has recommended users and organizations move on to more secure and modern alternatives.

To get access to the patch, head over to 0patch Central at this link and register with a free account.

roosho Senior Engineer (Technical Services)
I am Rakib Raihan RooSho, Jack of all IT Trades. You got it right. Good for nothing. I try a lot of things and fail more than that. That's how I learn. Whenever I succeed, I note that in my cookbook. Eventually, that became my blog. 