Zero-Day Vulnerability in Windows Exposes User Credentials

Critical zero-day vulnerability in Windows exposes user credentials. A newly identified zero-day vulnerability affects all supported and legacy versions of Microsoft Windows, allowing attackers to capture NTLM credentials simply by having users view a malicious file in Windows Explorer. Disclosed by security researchers at 0patch, this vulnerability poses a significant risk to both organizations and individuals, as it exploits common file-sharing practices. The flaw impacts a wide range of Windows versions, from Windows 7 to Windows 11, necessitating immediate mitigation efforts. In response, 0patch has released free micropatches for various Windows versions, including those no longer supported by Microsoft, while urging users to implement multi-factor authentication and maintain updated security software to mitigate risks.