A safety researcher found a vulnerability in Home windows theme information within the earlier 12 months, which allowed malicious actors to steal Home windows customers’ credentials.
When a theme file specifies a community path for particular properties, just like the model picture or wallpaper, Home windows routinely sends authenticated community requests to distant hosts, together with the consumer’s NTLM credentials.
This meant {that a} consumer’s safety might be compromised just by viewing a malicious theme file, and no further consumer interplay could be required to perform this.
Microsoft launched a patch three months after receiving the preliminary report to handle the vulnerability often called CVE-2024-21320.
Nevertheless, a vulnerability researcher found that the patch’s reliance on the PathIsUNC operate might be bypassed, doubtlessly resulting in NTLM credential leaks, which was attainable as a result of recognized strategies documented in 2016.
Defending Your Networks & Endpoints With UnderDefense MDR – Request Free Demo
Microsoft made an up to date patch accessible after the corporate acknowledged the issue and assigned it the identifier CVE-2024-38030.
The latest discovery of a second flaw associated to CVE-2024-21320 necessitated changes to present patches. This led safety researchers to establish a further vulnerability in Home windows theme information, affecting all variations as much as Home windows 11 24H2.
A extra complete patch was developed slightly than addressing the precise subject present in CVE-2024-38030 to forestall arbitrary community requests from being triggered by viewing theme information.
Microsoft’s 2011 weblog publish described their “Hacking for Variations” (HfV) course of, which includes proactively trying to find related vulnerabilities in a part after an preliminary subject is reported. This course of includes code overview, bug database evaluation, fuzz testing, and different instruments.
Though this follow was first found ten years in the past, it’s nonetheless related for software program distributors to undertake it in the event that they need to establish and deal with potential safety dangers extra comprehensively.
0patch lately found a zero-day vulnerability in Home windows 11 24H2, even after making use of the newest Microsoft patches for CVE-2024-21320 and CVE-2024-38030.
This vulnerability permits attackers to use a malicious theme file to steal consumer credentials.
They’ve knowledgeable Microsoft about this downside, however technical data is not going to be disclosed till the corporate has launched an answer.
Run non-public, Actual-time Malware Evaluation in each Home windows & Linux VMs. Get a 14-day free trial with ANY.RUN!