unofficial
-
Blog
New Windows zero-day exposes NTLM credentials, gets unofficial patch
A new zero-day vulnerability has been discovered that allows attackers to capture NTLM credentials by simply tricking the target into viewing a malicious file in Windows Explorer. The flaw was discovered by the 0patch team, a platform that provides unofficial support for end-of-life Windows versions, and was reported to Microsoft. However, no official fix has been released yet. According to 0patch,…
Read More » -
Blog
New Windows Server 2012 zero-day gets free, unofficial patches
Free unofficial security patches have been released through the 0patch platform to address a zero-day vulnerability introduced over two years ago in the Windows Mark of the Web (MotW) security mechanism. Windows automatically adds Mark of the Web (MotW) flags to all documents and executables downloaded from untrusted sources. These MotW labels inform the Windows operating system, Microsoft Office, web…
Read More » -
Blog
New Windows Themes zero-day gets free, unofficial patches
Free unofficial patches are now available for a new Windows Themes zero-day vulnerability that allows attackers to steal a target’s NTLM credentials remotely. NTLM has been extensively exploited in NTLM relay attacks, where threat actors force vulnerable network devices to authenticate against servers under their control, and pass-the-hash attacks, where they exploit system vulnerabilities or deploy malicious software to acquire NTLM…
Read More »