$4.99/mo - Save 61% With Exclusive 2-Year Plan + 4 Months Free!Claim Now

Windows Themes Zero-Day Bug Puts NTLM Credentials at Risk

  • Last updated November 4, 2024
  • Anosha Shariq
    Anosha Shariq
    Anosha Shariq
    Writer
    Anosha Shariq is a dedicated news writer at VPNRanks, specializing in VPN and online privacy. With a journalism background, she covers cybersecurity and tech trends. A passionate pet lover, she also supports animal welfare initiatives. Anosha aims to provide clear, insightful information on digital privacy and security.
    See Full Bio >
    written by
    Anosha Shariq
    Anosha Shariq
    Anosha Shariq
    Writer
    Anosha Shariq is a dedicated news writer at VPNRanks, specializing in VPN and online privacy. With a journalism background, she covers cybersecurity and tech trends. A passionate pet lover, she also supports animal welfare initiatives. Anosha aims to provide clear, insightful information on digital privacy and security.
    See Full Bio >
    Writer
  • Midhat Tilawat
    Midhat Tilawat
    Midhat Tilawat
    Editor
    Midhat Tilawat is an experienced editor at VPNRanks, where she brings focused expertise in privacy-related content. Her interest in VPN technologies was sparked by encountering internet censorship during a research project, which highlighted the critical importance of digital freedom and privacy.
    See Full Bio >
    fact checked by
    Midhat Tilawat
    Midhat Tilawat
    Midhat Tilawat
    Editor
    Midhat Tilawat is an experienced editor at VPNRanks, where she brings focused expertise in privacy-related content. Her interest in VPN technologies was sparked by encountering internet censorship during a research project, which highlighted the critical importance of digital freedom and privacy.
    See Full Bio >
    Editor

United States, October 31, 2024- Windows themes Zero-Day bug uncovers major security risk, exposing users to NTLM credential theft.

A newly discovered zero-day in Windows Themes allows attackers to steal NTLM (New Technology LAN Manager) credentials. Mitja Kolsek, CEO of Acros Security said,

Millions of Windows users are now at risk of credential theft. The vulnerability, CVE-2024-38030, tricks Windows into sending NTLM credentials to remote hosts. Attackers can exploit this by prompting users to save or copy a malicious theme file. This action alone can unknowingly trigger the theft of credentials.

Microsoft attempted to patch this issue earlier, but Akamai researcher Tomer Peled found a workaround. His discovery led to the issue’s reemergence, demanding further action. Affected users remain vulnerable until an official fix is released.

Fortunately, Acros Security has developed a free 0patch micropatch to secure systems until Microsoft provides a fix. A Microsoft spokesperson said,

No official timeline for the patch has been confirmed. Kolsek explained that while analyzing the bug, researchers found the issue still present in fully updated Windows versions, including the latest Windows 11 24H2 update. The discovery makes it urgent to get a patch from Microsoft.

The 0patch micro patch covers legacy and current Windows Workstation versions, providing a timely solution. Users are advised to install the micro patch immediately. This action will help mitigate the risk until Microsoft issues a permanent update.

Other News At VPNRanks

Hey, wait!

Stay informed on the latest privacy updates, cybersecurity insights, and internet freedom news by following VPNRanks news daily! As your primary resource for critical updates in online security, we ensure you’re always in the know. Make VPNRanks your go-to guide for safeguarding your digital life!