
Windows Passwords At Risk As New 0-Day Confirmed—Act Now
This new Windows zero-day has no official fix.
Oh boy, it's raining zero-days for Windows users right now. Just two weeks on from Microsoft confirming no less than six zero-day attacks impacting users of the Windows operating system, like London buses, another has belatedly arrived. The difference, however, is that this latest threat to all users of Windows Workstation and Server versions, from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2025, has no official patch from Microsoft to fix it. This is a problem when you consider that the endgame of an attacker exploiting this vulnerability is to steal password hashes and bypass authentication protections. The good news is that there is a way to fix it, at least while you wait for Microsoft to act. Here's what you need to know.
A private message from Mitja Kolsek on the X social media platform dropped in my inbox late on March 25. I tend to take anything I receive from Kolsek seriously, as he's the CEO of ACROS Security. This company develops and distributes unofficial security patches for zero-day vulnerabilities where no official fix is available. 'We reported this to Microsoft and will not disclose details until they have issued an official patch,' was enough to trigger my journalistic intrigue and should be enough to trigger your desire to apply a temporary fix as well. Why so? Because, Kolsek explained, his researchers uncovered a vulnerability that 'allows an attacker to obtain user's NTLM credentials by having the user view a malicious file in Windows Explorer.'
If this sounds familiar, there's a good reason for that: I reported on a very similar Windows zero-day Dec. 6, 2024. Similar, but not the same. The 'impact and attack scenarios of this issue are identical,' Kolsek said, but the latest vulnerability is different and not yet publicly discussed. As already mentioned, Kolsek isn't going to be releasing the full technical details any time soon, at least not until Microsoft has issued a patch.
What we do know is that these NT LAN Manager vulnerabilities can enable an attacker to steal Windows credentials by simply tricking the user into viewing a malicious file. NTLM is a suite of Microsoft security protocols providing authentication, integrity and confidentiality to users. This is why the zero-day is of such importance, although it's not thought of as critical. 'These types of vulnerabilities are not critical,' Kolsek said, 'and their exploitability depends on several factors.' But, and it's a big but, they have been used in real-world attacks, and that's all you need to know. Well, that and the minor detail that NTLM exploits, including relay attacks to bypass authentication and pass-the-hash attacks to steal credentials, are widely used to gain access to networks, with all that can bring to the hacking party.
Given all of the above and the fact that a Microsoft spokesperson said, 'We are aware of this report and will take action as needed to help keep customers protected,' which likely means waiting until the next Patch Tuesday at least, I'd recommend taking action now.
This is where Kolsek and his micro patch solution enter stage left. 0patch seeks to address the vulnerability gap, that time between a zero-day being discovered and an official patch being released, by providing free mini-fixes in the meantime. This works using a patching agent that analyzes processes and applies any new patch in memory without disturbing the process itself. 'Since this is a 0day vulnerability with no official vendor fix available,' Kolsek said, 'we are providing our micropatches for free until such fix becomes available.' If you use Windows, you know what to do.