New Windows Flaw Lets Hackers Steal Your Credentials

Windows theme files can automatically send authenticated network requests with user credentials when viewed in Explorer, potentially leaking sensitive information if the theme file specifies malicious network paths for its properties.

The CVE-2024-21320 vulnerability was addressed by Microsoft three months after it was reported, and patches were made available for Windows systems that are actively supported. 

Following the disclosure of vulnerability details, they proceeded to provide patches for systems that were not supported. 

Microsoft attempted to patch CVE-2024-21320 by using PathIsUNC to filter network paths, but this was bypassed using techniques documented by James Forshaw, allowing for potential NTLM credential leaks. 
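Defenders can screen theme files for non-local paths before users ever view them. The sketch below is an added example, not code from the article, Microsoft or 0patch; it flags every value that starts with two path separators or `file:` rather than relying on a single UNC test. The function names, the key names in the sample and the `example.test` host are assumptions made for illustration.

```python
import re

# Any value starting with two separators (either slash direction) is treated
# as potentially remote: this covers \\host\share, //host/share and
# device-style prefixes. file: URLs can also name a remote host.
REMOTE = re.compile(r'^(?:[\\/]{2}|file:)', re.IGNORECASE)

def decode_theme(raw: bytes) -> str:
    """Theme files are INI text, saved as UTF-16 (with BOM) or a single-byte code page."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    # Separators and key names are ASCII, so lossy decoding is fine for scanning.
    return raw.decode("utf-8-sig", errors="replace")

def remote_references(raw: bytes):
    """Return (section, key, value) for every value that names a non-local path."""
    findings, section = [], ""
    for line in decode_theme(raw).splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        value = value.strip().strip('"')
        if sep and REMOTE.match(value):
            findings.append((section, key.strip(), value))
    return findings

# Constructed sample input. Every key is checked, because the article does not
# say which theme properties are affected.
SAMPLE = (
    "[Theme]\r\n"
    "DisplayName=Constructed sample\r\n"
    "\r\n"
    "[Control Panel\\Desktop]\r\n"
    "Wallpaper=\\\\files.example.test\\share\\bg.jpg\r\n"
    "\r\n"
    "[Control Panel\\Cursors]\r\n"
    "Arrow=//files.example.test/share/arrow.cur\r\n"
    "AppStarting=%SystemRoot%\\cursors\\aero_working.ani\r\n"
).encode("utf-16")

if __name__ == "__main__":
    for section, key, value in remote_references(SAMPLE):
        print(f"[{section}] {key} -> {value}")
```

A check like this fits a mail or web gateway, or a scheduled sweep of download folders, where a hit can quarantine the file before Explorer renders it.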

The initial patch that Microsoft released for CVE-2024-21320 contained errors, which necessitated the implementation of a second fix (CVE-2024-38030). 

This led to the discovery of an additional, comparable vulnerability found in all current versions of Windows, including Windows 11 24H2.

0patch patched Windows theme files to prevent arbitrary network requests triggered by simply viewing a malicious theme file, addressing CVE-2024-38030 and similar potential vulnerabilities.

Even though Microsoft has stated that they have a process in place to find “variations” of vulnerabilities that have been reported, they were unable to find an additional instance of the vulnerability. 

It is surprising that they missed this, given the detailed explanation they provided of their vulnerability identification process.

In order to identify and eliminate potential vulnerabilities, the MSRC Engineering team, in conjunction with product teams, implements a rigorous process known as “Hacking for Variations” (HfV). 

This process involves comprehensive code and database reviews, as well as advanced fuzzing and testing techniques, to ensure the security of components even after updates are released.

Software vendors should proactively seek out and address potential vulnerabilities in their products, particularly those related to previously identified security issues, to ensure the overall security posture of their offerings.

0patch informed Microsoft about the zero-day vulnerability and distributed a micropatch to protect 0patch users, and is keeping the details confidential until Microsoft releases a permanent fix.

Kaaviya
Kaaviya is a Security Editor and fellow reporter with Cyber Press. She is covering various cyber security incidents happening in the Cyber Space.