New Unofficial NTLM Security Update Released for Windows 11 24H2, Server 2025, and Windows 10

New NTLM Vulnerability Addressed with Zero-Day Micropatches

In December 2024, 0patch issued an unofficial fix for a vulnerability related to NTLM (New Technology LAN Manager). This flaw was officially documented by Microsoft under the CVE identifier CVE-2025-21377 in February 2025. Recently, a similar vulnerability has emerged, prompting 0patch to roll out additional micropatches to address the issue.

Details of the Latest Vulnerability

According to the 0patch team, while enhancing security for SCF file handling, they unearthed another related vulnerability affecting numerous Windows versions:

While patching an SCF File NTLM hash disclosure issue on our security-adopted Windows versions, our researchers discovered a related vulnerability on all Windows Workstation and Server versions from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2025.

The vulnerability allows an attacker to obtain user NTLM credentials if a user opens a malicious file using Windows Explorer. This can occur by accessing a shared folder or USB drive containing such files or by viewing files automatically downloaded from an attacker’s webpage.
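The network side effect of the attack described above is a workstation initiating an SMB connection to a server the attacker controls. As an added illustration (not code from 0patch or from this article), the following Python scans Windows Firewall log lines for outbound SMB connections to addresses outside an organization's own ranges; the log lines and the internal address ranges are constructed assumptions.

```python
import ipaddress

# Constructed sample lines in the Windows Firewall (pfirewall.log) field order:
# date time action protocol src-ip dst-ip src-port dst-port size tcpflags
# tcpsyn tcpack tcpwin icmptype icmpcode info path
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2025-03-03 10:00:01 ALLOW TCP 10.0.0.5 10.0.0.20 51230 445 0 - 0 0 0 - - - SEND
2025-03-03 10:00:02 ALLOW TCP 10.0.0.5 203.0.113.7 51234 445 0 - 0 0 0 - - - SEND
2025-03-03 10:00:03 ALLOW TCP 10.0.0.5 203.0.113.7 51235 443 0 - 0 0 0 - - - SEND
2025-03-03 10:00:04 DROP TCP 10.0.0.5 198.51.100.9 51236 445 0 - 0 0 0 - - - SEND
2025-03-03 10:00:05 ALLOW TCP 10.0.0.5 198.51.100.9 51237 139 0 - 0 0 0 - - - SEND
"""

# Assumed internal ranges (RFC 1918); an organization would list its own.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SMB_PORTS = {445, 139}  # SMB direct and NetBIOS session, both used for NTLM auth


def parse_line(line):
    """Parse one pfirewall.log record; return None for headers/short lines."""
    parts = line.split()
    if len(parts) < 8 or parts[0].startswith("#"):
        return None
    return {"ts": f"{parts[0]} {parts[1]}", "action": parts[2],
            "proto": parts[3], "src": parts[4], "dst": parts[5],
            "dport": int(parts[7]), "path": parts[-1]}


def is_external(ip):
    """True when the address is outside every configured internal range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def find_external_smb(log_text):
    """Return (timestamp, src, dst, dport, action) for every outbound SMB
    connection attempt to an external host. DROP records are kept too: a
    blocked attempt still shows that something on the host tried to
    authenticate outward, which is the behaviour to investigate."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["proto"] != "TCP" or rec["path"] != "SEND":
            continue
        if rec["dport"] in SMB_PORTS and is_external(rec["dst"]):
            hits.append((rec["ts"], rec["src"], rec["dst"],
                         rec["dport"], rec["action"]))
    return hits


if __name__ == "__main__":
    for hit in find_external_smb(SAMPLE_LOG):
        print("outbound SMB to external host:", hit)
```

Blocking outbound TCP 445/139 at the perimeter, and alerting on the attempts this function surfaces, limits the credential leak regardless of which file type triggers it.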

Scope of the Impact

This new zero-day vulnerability has the potential to affect nearly all Windows systems, including Windows Server 2025, which was not initially recognized as vulnerable in previous announcements. In their update, 0patch specifies the following systems that are receiving micropatches:

Micropatches were written for:

Legacy Windows Versions:

  • Windows 11 v21H2 – fully updated
  • Windows 10 v21H2 – fully updated
  • Windows 10 v21H1 – fully updated
  • Windows 10 v20H2 – fully updated
  • Windows 10 v2004 – fully updated
  • Windows 10 v1909 – fully updated
  • Windows 10 v1809 – fully updated
  • Windows 10 v1803 – fully updated
  • Windows 7 – fully updated with no ESU (Extended Security Updates)
  • Windows Server 2012 – fully updated with no ESU
  • Windows Server 2012 R2 – fully updated with no ESU
  • Windows Server 2008 R2 – fully updated with no ESU

Windows Versions Still Supported with Updates:

  • Windows 11 v24H2 – fully updated
  • Windows 11 v23H2 – fully updated
  • Windows 11 v22H2 – fully updated
  • Windows 10 v22H2 – fully updated
  • Windows Server 2025 – fully updated
  • Windows Server 2022 – fully updated
  • Windows Server 2019 – fully updated
  • Windows Server 2016 – fully updated
  • Windows Server 2012 – fully updated with ESU
  • Windows Server 2012 R2 – fully updated with ESU

Understanding the Risks Associated with NTLM

Microsoft has acknowledged the inherent security vulnerabilities associated with NTLM and has made it clear that users and organizations should transition to more secure protocols. As the emphasis on security increases, it’s important for all Windows users to stay updated with the latest patches and security advancements.

How to Obtain the Patch

To access the new micropatches, visit 0patch Central and create a free account through this link.

For further information and details, refer to the original source here.
