
Windows Passwords At Risk As New 0-Day Confirmed—Act Now
Oh boy, it's raining zero days for Windows users right now. Just two weeks on from Microsoft confirming no fewer than six zero-day attacks impacting users of the Windows operating system, another has belatedly arrived, like London buses. The difference, however, is that this latest threat, which affects all users of Windows Workstation and Server versions from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2025, has no official patch from Microsoft to fix it. This is a problem when you consider that the endgame of an attacker exploiting this vulnerability is to steal password hashes and bypass authentication protections. The good news is that there is a way to fix it, at least while you wait for Microsoft to act. Here's what you need to know.
A private message from Mitja Kolsek on the X social media platform dropped in my inbox late on March 25. I tend to take anything I receive from Kolsek seriously, as he's the CEO of ACROS Security. This company develops and distributes unofficial security patches for zero-day vulnerabilities where no official fix is available. 'We reported this to Microsoft and will not disclose details until they have issued an official patch,' was enough to trigger my journalistic intrigue and should be enough to trigger your desire to apply a temporary fix as well. Why so? Because, Kolsek explained, his researchers uncovered a vulnerability that 'allows an attacker to obtain user's NTLM credentials by having the user view a malicious file in Windows Explorer.'
If this sounds familiar, there's a good reason for that: I reported on a very similar Windows zero-day on Dec. 6, 2024. Similar, but not the same. The 'impact and attack scenarios of this issue are identical,' Kolsek said, but the latest vulnerability is different and not yet publicly discussed. As already mentioned, Kolsek isn't going to be releasing the full technical details any time soon, at least not until Microsoft has issued a patch.
What we do know is that these NT LAN Manager vulnerabilities can enable an attacker to steal Windows credentials by simply tricking the user into viewing a malicious file. NTLM is a suite of Microsoft security protocols providing authentication, integrity and confidentiality to users. This is why the zero-day is of such importance, although it's not thought of as critical. 'These types of vulnerabilities are not critical,' Kolsek said, 'and their exploitability depends on several factors.' But, and it's a big but, they have been used in real-world attacks, and that's all you need to know. Well, that and the minor detail that NTLM exploits, including relay attacks to bypass authentication and pass-the-hash attacks to steal credentials, are widely used to gain access to networks, with all that can bring to the hacking party.
Given all of the above and the fact that a Microsoft spokesperson said, 'We are aware of this report and will take action as needed to help keep customers protected,' which likely means waiting until the next Patch Tuesday at least, I'd recommend taking action now.
This is where Kolsek and his micro patch solution enter stage left. 0patch seeks to address the vulnerability gap, that time between a zero-day being discovered and an official patch being released, by providing free mini-fixes in the meantime. This works using a patching agent that analyzes processes and applies any new patch in memory without disturbing the process itself. 'Since this is a 0day vulnerability with no official vendor fix available,' Kolsek said, 'we are providing our micropatches for free until such fix becomes available.' If you use Windows, you know what to do.