• Windows Themes zero-day could have exposed users to credential th

    From TechnologyDaily@1337:1/100 to All on Thursday, October 31, 2024 10:15:05
    Windows Themes zero-day could have exposed users to credential theft and more

    Date:
    Thu, 31 Oct 2024 10:05:53 +0000

    Description:
    Fortunately, a micropatch is available now, so update as soon as possible.

    FULL STORY ======================================================================

    Security experts have recently uncovered a Windows Themes spoofing zero-day vulnerability that allows threat actors to steal NTLM credentials.

    Earlier in 2024, Microsoft discovered, and patched, CVE-2024-21320 - a
    similar vulnerability with a 6.5 severity score (medium). The patch did not address the issue entirely, and could be bypassed, resulting in the discovery of CVE-2024-38030. Microsoft released the fix for this hole in July 2024.

    Now, security researchers from Acros Security have revealed how, as they were tinkering with the patch for CVE-2024-21320, they found an additional instance of the very same problem that was still present on all fully updated Windows versions, up to the currently latest Windows 11 24H2.

    Micropatch available

    NTLM (NT LAN Manager) is a suite of security protocols used for authentication, integrity, and confidentiality in Windows networks. It's an older protocol, primarily replaced by Kerberos in modern systems, but it is still supported for backward compatibility.

    The Register reached out to Microsoft regarding this discovery, and was told the OS maker was looking into it: "We're aware of this report and will take action as needed to help keep customers protected," a Microsoft spokesperson told the publication.

    In the meantime, 0patch has developed a micropatch that fixes the issue, so those who are worried about the bug and don't want to wait for Microsoft can install it now.

    "Exploitation of this zero-day is identical to the previous ones previously reported by Akamai," Acros said.

    The vulnerability can be exploited rather easily, although it does require some user interaction, the researchers explained. "The user must either copy the theme file (e.g., from an email message or chat) to a folder or desktop on their computer, or visit a malicious web site that automatically downloads the file to their Downloads folder. It's not entirely without user interaction," they told the publication.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/windows-themes-zero-day-could-have-exposed-users-to-credential-theft-and-more


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)