Latest Windows 11 Update and New Security Vulnerability
For users who haven’t yet received the latest Windows 11 feature update, version 24H2, it’s time to check for system updates. Microsoft has recently announced that this update is being gradually rolled out to a wider range of devices.
In a concerning development, the cybersecurity firm 0patch has uncovered a significant vulnerability within Windows that could enable attackers to capture NTLM credentials. This zero-day vulnerability impacts all users of Windows, including those running version 24H2 and various Windows Server editions. 0patch detailed their findings, stating:
“Our researchers discovered a vulnerability affecting all Windows Workstation and Server versions, from Windows 7 and Server 2008 R2 up to the latest Windows 11 v24H2 and Server 2022.”
This security flaw allows attackers to extract NTLM credentials if users merely open a malicious file accessed via Windows Explorer, such as those found in shared folders, USB drives, or even downloaded files.
Understanding the Absence of Windows Server 2025
Those curious about the omission of Windows Server 2025 in the vulnerability report will find that 0patch co-founder Mitja Kolsek has provided clarification. He indicated that sufficient testing is still ongoing, given that this version was launched only a month ago and includes new NTLM-related enhancements. Kolsek stated:
“Windows Server 2025 was only released in November, and we are currently conducting compatibility tests. Patches for zero-day vulnerabilities will be issued once testing is completed with satisfactory results.”
Microsoft’s Stance on NTLM Security
Microsoft is well aware of the inherent security vulnerabilities tied to NTLM (New Technology LAN Manager). Consequently, the company has declared its intention to phase out NTLM in favor of safer, more modern authentication alternatives, encouraging users and organizations to transition to these advanced security protocols.
How to Access the Security Patch
If you’re looking to bolster your system’s security against this vulnerability, you can access the appropriate patches by visiting 0patch Central and registering for a free account.
For further details and updates regarding this situation, check out the original source here.
Related Articles:
Microsoft Removes Convenient Windows 11 Feature for Quick Calls and Event Creation
20:51
Xbox Insiders Can Stream Owned Games on Xbox Series X|S and Xbox One with Cloud Gaming
18:35
Windows 11 Build 27764 Released with Start Menu Enhancements and Additional Features
18:16
Leave a Reply