Windows Passwords At Risk As New 0-Day Confirmed—Act Now
Just two weeks after Microsoft confirmed six zero-day attacks impacting users in the Windows operating system, another has arrived. The latest threat to all users of Windows Workstation and Server versions from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2025 has no official patch from Microsoft to fix it. This is a problem when you consider the endgame of an attacker exploiting this vulnerability is to steal password hashes and bypass authentication protections.
The good news is that there is a way to fix it, at least while you wait for Microsoft to act. ACROS Security, a company that develops and distributes unofficial security patches for zero-day vulnerabilities where no official fix is available, has identified a new Windows Password Hash Vulnerability. The vulnerability was discovered by CEO Mitja Kolsek's researchers, who found that an attacker can obtain a user's NTLM credentials by having the user view a malicious file in Windows Explorer.
This vulnerability is similar to another one reported just days before, but Kolsek explained that the latest vulnerability is different and not yet publicly discussed. Kolsek isn’t going to be releasing the full technical details any time soon, at least not until Microsoft has issued a patch. What we do know is that these NT LAN Manager vulnerabilities can enable an attacker to steal Windows credentials by simply tricking the user into viewing a malicious file.
NTLM is a suite of Microsoft security protocols providing authentication, integrity and confidentiality to users. This is why the zero-day is of such importance, although it’s not thought of as critical. “These types of vulnerabilities are not critical,” Kolsek said, “and their exploitability depends on several factors.” But, and it’s a big but, they have been used in real-world attacks, and that’s all you need to know.
As Microsoft Investigates, Windows Users Can Use This Temporary Fix
Given all of the above and the fact that a Microsoft spokesperson said, “We are aware of this report and will take action as needed to help keep customers protected,” which likely means waiting until the next Patch Tuesday at least, I’d recommend taking action now. ACROS Security’s 0patch seeks to address the vulnerability gap, that time between a zero-day being discovered and an official patch being released, by providing free mini-fixes in the meantime.
This works using a patching agent that analyzes processes and applies any new patch in memory without disturbing the process itself. “Since this is a 0day vulnerability with no official vendor fix available,” Kolsek said, “we are providing our micropatches for free until such fix becomes available.” If you use Windows, you know what to do.
Chromium Browsers On Windows Hit By Another New Zero-Day Exploit
Kaspersky’s Global Research & Analysis Team, the acronym for which is the rather self-satisfied GReAT, has uncovered another zero-day vulnerability that impacts Windows users. Attackers are actively exploiting this vulnerability to compromise Windows devices. This exploit requires no user interaction, with the exception of clicking a single link in a malicious message.
The campaign behind these attacks, which targeted media outlets, educational institutions and, interestingly, government organizations in Russia, was labeled Operation ForumTroll by the GReAT researchers. “The malicious links were extremely short-lived to evade detection,” Kaspersky said. Analysis of the malware suggested that this was an exploit designed for espionage purposes.
“This vulnerability stands out among the dozens of zero-days we’ve discovered over the years,” Boris Larin, principal security researcher at Kaspersky GReAT, said. “The exploit bypassed Chrome’s sandbox protection without performing any obviously malicious operations – it’s as if the security boundary simply didn’t exist.”
What’s critical about this is that it displays technical sophistication of the type seen from well-resourced threat actors. “We strongly advise all users to update their Google Chrome and any Chromium-based browser to the latest version to protect against this vulnerability,” Larin concluded.
Conclusion
In conclusion, Windows users are facing a new zero-day exploit that puts their passwords at risk. While Microsoft is aware of the issue, it has not yet released an official patch. ACROS Security's 0patch provides a temporary solution until then. If you use Chrome or Edge on Windows, it’s essential to update now to protect against this vulnerability.