Again in December 2024, 0patch had issued an unofficial patch for an NTLM-related vulnerability. A CVE (Widespread Vulnerabilities and Exposures) ID was later issued for it in February 2025 by Microsoft as CVE-2025-21377.
The same NTLM flaw has once more been found, and 0patch has issued new micropatches for a similar. Concerning the new vulnerability, the 0patch workforce explains:
Whereas patching a SCF File NTLM hash disclosure situation on our security-adopted Home windows variations, our researchers found a associated vulnerability on all Home windows Workstation and Server variations from Home windows 7 and Server 2008 R2 to the newest Home windows 11 v24H2 and Server 2025.
The vulnerability permits an attacker to acquire consumer’s NTLM credentials by having the consumer view a malicious file in Home windows Explorer – e.g., by opening a shared folder or USB disk with such file, or viewing the Downloads folder the place such file was beforehand robotically downloaded from attacker’s net web page.
As you’ll be able to see, this new zero-day impacts virtually all variations of Home windows, together with Home windows Server 2025, which was not initially included within the record of affected Home windows variations final time. The agency notes:
Micropatches had been written for:
Legacy Home windows variations:
- Home windows 11 v21H2 – totally up to date
- Home windows 10 v21H2 – totally up to date
- Home windows 10 v21H1 – totally up to date
- Home windows 10 v20H2 – totally up to date
- Home windows 10 v2004 – totally up to date
- Home windows 10 v1909 – totally up to date
- Home windows 10 v1809 – totally up to date
- Home windows 10 v1803 – totally up to date
- Home windows 7 – totally up to date with no ESU, ESU 1, ESU 2 or ESU 3
- Home windows Server 2012 – totally up to date with no ESU or ESU 1
- Home windows Server 2012 R2 – totally up to date with no ESU or ESU 1
- Home windows Server 2008 R2 – totally up to date with no ESU, ESU 1, ESU 2, ESU 3 or ESU 4
Home windows variations nonetheless receiving Home windows Updates:
- Home windows 11 v24H2 – totally up to date
- Home windows 11 v23H2 – totally up to date
- Home windows 11 v22H2 – totally up to date
- Home windows 10 v22H2 – totally up to date
- Home windows Server 2025 – totally up to date
- Home windows Server 2022 – totally up to date
- Home windows Server 2019 – totally up to date
- Home windows Server 2016 – totally up to date
- Home windows Server 2012 totally up to date with ESU 2
- Home windows Server 2012 R2 totally up to date with ESU 2
Microsoft itself understands the drawbacks of NTLM or New Know-how LAN Supervisor with regards to safety. Additionally it is why the corporate has already introduced the loss of life of the characteristic and has really helpful customers and organizations transfer on to safer and trendy alternate options.
To get entry to the patch, head over to 0patch Central at this hyperlink and register with a free account.
No Comment! Be the first one.