A New Bypass Detected by ACROS Security
A new zero-day vulnerability has been exposed recently! The newly discovered zero-day bug in Windows theme files is exposing people’s NTLM credentials. It is one of the serious risks identified recently by Akamai researcher Tomer Peled. Researchers at ACROS Security have reported that this vulnerability is a serious, ongoing risk that Windows users face from NTLM-related exploits.
Microsoft patched CVE-2024-21320 back in January to address NTLM credential theft. This should have stopped the NTLM leak issue. But Akamai researcher Tomer Peled discovered that attackers could still bypass the patch, resulting in CVE-2024-38030. Attackers could bypass the patch simply by sending a malicious theme file and getting the user to handle it (for example, by copying it); beyond that, no user interaction is necessary, and the file does not have to be opened.
A Temporary Patch by ACROS Security
ACROS Security’s 0patch developed a temporary patch (a micropatch) to fix the issue so that users don’t have to wait for Microsoft’s official patch, since Microsoft has not yet come up with a proper solution. ACROS Security’s temporary patch prevents the NTLM credential leak caused by a malicious Windows theme file.
When the malicious theme file is copied to the desktop, it initiates a network connection, and in this way the user’s NTLM credentials are sent to the attacker’s machine. Installing the 0patch micropatch, however, correctly identifies and blocks the path in the Windows theme file, ensuring that no unauthorized connections are initiated.
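A defender-side check that can be run over theme files before they are allowed onto a desktop, as an added example that is not from the original post and not ACROS Security’s or 0patch’s code: it parses the INI-style .theme format and flags any entry whose value is a UNC path or a remote file:// URL, since a rendered image reference of that kind is what triggers the outbound connection and NTLM exchange described above. The key names, the 203.0.113.10 address and the sample theme text are constructed for the demo; loopback and the `\\?\` and `\\.\` local prefixes are treated as non-remote.

```python
"""Flag Windows .theme entries that point at network paths.

Added example (not from the original post, nor ACROS Security / 0patch code).
Sample theme content, key names and the 203.0.113.10 host are constructed.
"""
import configparser
import re
from typing import List, Optional, Tuple

# \\host\share\... or //host/share/... : the host is the first path component.
UNC_RE = re.compile(r"^\s*(?:\\\\|//)([^\\/]+)(?:[\\/]|$)")
# file://host/share/... has a host; file:///C:/... has an empty host and is local.
FILE_URL_RE = re.compile(r"^\s*file://([^/\\:]+)[/\\]", re.IGNORECASE)

# Hosts that do not cause an outbound SMB/WebDAV connection:
# loopback, plus the "\\?\" long-path and "\\.\" device-namespace prefixes.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1", ".", "?"}


def remote_host(value: str) -> Optional[str]:
    """Return the remote host a value refers to, or None if it is local."""
    for pattern in (UNC_RE, FILE_URL_RE):
        match = pattern.match(value)
        if match:
            host = match.group(1).strip()
            return None if host.lower() in LOCAL_HOSTS else host
    return None


def find_remote_references(theme_text: str) -> List[Tuple[str, str, str]]:
    """Parse theme text and return (section, key, host) for every remote path."""
    parser = configparser.ConfigParser(
        interpolation=None,   # theme values may contain literal '%'
        strict=False,         # tolerate duplicated keys in hand-edited files
        allow_no_value=True,  # tolerate bare keys
    )
    parser.optionxform = str  # keep key names exactly as written
    parser.read_string(theme_text)
    findings = []
    for section in parser.sections():
        for key, value in parser.items(section):
            host = remote_host(value or "")
            if host:
                findings.append((section, key, host))
    return findings


def scan_file(path: str) -> List[Tuple[str, str, str]]:
    """Scan a .theme file on disk; Windows often writes them as UTF-16 with a BOM."""
    with open(path, "rb") as fh:
        raw = fh.read()
    encoding = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8-sig"
    return find_remote_references(raw.decode(encoding, errors="replace"))


# Constructed sample: every image reference stays on the local disk.
BENIGN_THEME = """\
[Theme]
DisplayName=Constructed benign theme

[Control Panel\\Desktop]
Wallpaper=C:\\Windows\\Web\\Wallpaper\\Windows\\img0.jpg
"""

# Constructed sample: two image references point at a network host.
SUSPICIOUS_THEME = """\
[Theme]
DisplayName=Constructed suspicious theme
BrandImage=\\\\203.0.113.10\\share\\brand.png

[Control Panel\\Desktop]
Wallpaper=file://203.0.113.10/share/wall.jpg
"""


if __name__ == "__main__":
    for label, text in (("benign", BENIGN_THEME), ("suspicious", SUSPICIOUS_THEME)):
        hits = find_remote_references(text)
        print(f"{label}: {'clean' if not hits else hits}")
```

A file with any finding should be quarantined rather than copied into a folder that Explorer will render; `scan_file` can be wired into a mail gateway or endpoint script that inspects inbound .theme attachments.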
Stay Ahead with HAZERCLOUD’s Cyber Security Services
New vulnerabilities are emerging day by day. It has become a necessity to safeguard your business, data, and applications no matter where they reside! Get VAPT and web application penetration testing services to identify vulnerabilities and ensure the safety of web applications and infrastructure.
Identify vulnerabilities, implement security measures, and respond to security breaches.