Cyber Security News

New Windows Zero-Day Vulnerability Let Attackers Steal Credentials From Victim’s Machine

A security researcher discovered a vulnerability in Windows theme files in the previous year, which allowed malicious actors to steal Windows users’ credentials.

When a theme file specifies a network path for specific properties, like the brand image or wallpaper, Windows automatically sends authenticated network requests to remote hosts, including the user’s NTLM credentials.

This meant that a user’s security could be compromised simply by viewing a malicious theme file, and no additional user interaction would be required to accomplish this.

Microsoft released a patch three months after receiving the initial report to address the vulnerability known as CVE-2024-21320.

However, a vulnerability researcher discovered that the patch’s reliance on the PathIsUNC function could be bypassed, potentially leading to NTLM credential leaks, which was possible due to known techniques documented in 2016.

Protecting Your Networks & Endpoints With UnderDefense MDR – Request Free Demo

Microsoft made an updated patch available after the company acknowledged the problem and assigned it the identifier CVE-2024-38030.

The recent discovery of a second flaw related to CVE-2024-21320 necessitated adjustments to existing patches. This led security researchers to identify an additional vulnerability in Windows theme files, affecting all versions up to Windows 11 24H2.

A more comprehensive patch was developed rather than addressing the specific issue found in CVE-2024-38030 to prevent arbitrary network requests from being triggered by viewing theme files.

Microsoft’s 2011 blog post described their “Hacking for Variations” (HfV) process, which involves proactively searching for similar vulnerabilities in a component after an initial issue is reported. This process involves code review, bug database analysis, fuzz testing, and other tools.

Even though this practice was first discovered ten years ago, it is still relevant for software vendors to adopt it if they want to identify and address potential security risks more comprehensively.

0patch recently discovered a zero-day vulnerability in Windows 11 24H2, even after applying the latest Microsoft patches for CVE-2024-21320 and CVE-2024-38030.

This vulnerability allows attackers to exploit a malicious theme file to steal user credentials.

They have informed Microsoft about this problem, but technical information will not be disclosed until the company has released a solution.

Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!

Aman Mishra

Recent Posts

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and their…

34 mins ago

Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS environments…

13 hours ago

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling them…

17 hours ago

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases from…

17 hours ago

Tor Network Suffers IP Spoofing Attack Via Non-Exit Relays

In late October 2024, a coordinated IP spoofing attack targeted the Tor network, prompting abuse…

18 hours ago

Metasploit Framework Released with New Features

The Metasploit Framework, a widely used open-source penetration testing tool maintained by Rapid7, has introduced…

20 hours ago