New Zero-Day in Windows Exposes NTLM Credentials: Free Micropatch Available from ACROS Security
March 25, 2025
A newly discovered zero-day vulnerability in Windows allows remote attackers to steal NTLM credentials by tricking users into viewing malicious files in Windows Explorer.
Attackers can exploit this vulnerability by deceiving users into opening malicious files from shared folders or USB drives, or into accessing previously downloaded files.
In response to this vulnerability, ACROS Security is offering free and unofficial micropatches through its 0patch service until Microsoft releases an official fix.
Users can easily install the micropatch by creating an account and utilizing the 0patch agent, which applies the patch automatically without requiring a system restart.
0patch has previously addressed other zero-day vulnerabilities that Microsoft has yet to resolve, including a Windows Theme bug and a Mark of the Web bypass issue.
ACROS Security identified this flaw while working on patches for another NTLM hash disclosure issue, underscoring its potential for exploitation in NTLM relay and pass-the-hash attacks.
The vulnerability is not classified as critical, and its exploitability is contingent on the attacker's access to the victim's network.
To minimize the risk of exploitation, ACROS Security plans to withhold further details about the vulnerability until an official patch from Microsoft is available.
This vulnerability impacts all versions of Windows from Windows 7 to Windows 11, as well as Server 2008 R2 to Server 2025, and has not yet been assigned a CVE-ID.
Summary based on 1 source
Source

BleepingComputer • Mar 25, 2025
New Windows zero-day leaks NTLM hashes, gets unofficial patch