Saturday, December 7, 2024
HomeCyber Security NewsNew Windows Zero-Day Vulnerability Let Attackers Steal Credentials From Victim’s Machine

New Windows Zero-Day Vulnerability Let Attackers Steal Credentials From Victim’s Machine

Published on

SIEM as a Service

A security researcher discovered a vulnerability in Windows theme files in the previous year, which allowed malicious actors to steal Windows users’ credentials.

When a theme file specifies a network path for specific properties, like the brand image or wallpaper, Windows automatically sends authenticated network requests to remote hosts, including the user’s NTLM credentials.

This meant that a user’s security could be compromised simply by viewing a malicious theme file, and no additional user interaction would be required to accomplish this.

- Advertisement - SIEM as a Service

Microsoft released a patch three months after receiving the initial report to address the vulnerability known as CVE-2024-21320.

However, a vulnerability researcher discovered that the patch’s reliance on the PathIsUNC function could be bypassed, potentially leading to NTLM credential leaks, which was possible due to known techniques documented in 2016.

Protecting Your Networks & Endpoints With UnderDefense MDR – Request Free Demo

Microsoft made an updated patch available after the company acknowledged the problem and assigned it the identifier CVE-2024-38030.

The recent discovery of a second flaw related to CVE-2024-21320 necessitated adjustments to existing patches. This led security researchers to identify an additional vulnerability in Windows theme files, affecting all versions up to Windows 11 24H2.

A more comprehensive patch was developed rather than addressing the specific issue found in CVE-2024-38030 to prevent arbitrary network requests from being triggered by viewing theme files.

Microsoft’s 2011 blog post described their “Hacking for Variations” (HfV) process, which involves proactively searching for similar vulnerabilities in a component after an initial issue is reported. This process involves code review, bug database analysis, fuzz testing, and other tools.

Even though this practice was first discovered ten years ago, it is still relevant for software vendors to adopt it if they want to identify and address potential security risks more comprehensively.

0patch recently discovered a zero-day vulnerability in Windows 11 24H2, even after applying the latest Microsoft patches for CVE-2024-21320 and CVE-2024-38030.

This vulnerability allows attackers to exploit a malicious theme file to steal user credentials.

They have informed Microsoft about this problem, but technical information will not be disclosed until the company has released a solution.

Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!

Latest articles

DaMAgeCard Attack – New SD Card Attack Lets Hackers Directly Access System Memory

Security researchers have identified a significant vulnerability dubbed "DaMAgeCard Attack" in the new SD...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...

Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware

BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

DaMAgeCard Attack – New SD Card Attack Lets Hackers Directly Access System Memory

Security researchers have identified a significant vulnerability dubbed "DaMAgeCard Attack" in the new SD...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...