Aman Mishra
2024-11-04 07:32:00
gbhackers.com
A security researcher discovered a vulnerability in Windows theme files in the previous year, which allowed malicious actors to steal Windows users’ credentials.
When a theme file specifies a network path for specific properties, like the brand image or wallpaper, Windows automatically sends authenticated network requests to remote hosts, including the user’s NTLM credentials.
This meant that a user’s security could be compromised simply by viewing a malicious theme file, and no additional user interaction would be required to accomplish this.
Microsoft released a patch three months after receiving the initial report to address the vulnerability known as CVE-2024-21320.
However, a vulnerability researcher discovered that the patch’s reliance on the PathIsUNC function could be bypassed, potentially leading to NTLM credential leaks, which was possible due to known techniques documented in 2016.
Protecting Your Networks & Endpoints With UnderDefense MDR – Request Free Demo
Microsoft made an updated patch available after the company acknowledged the problem and assigned it the identifier CVE-2024-38030.
The recent discovery of a second flaw related to CVE-2024-21320 necessitated adjustments to existing patches. This led security researchers to identify an additional vulnerability in Windows theme files, affecting all versions up to Windows 11 24H2.
A more comprehensive patch was developed rather than addressing the specific issue found in CVE-2024-38030 to prevent arbitrary network requests from being triggered by viewing theme files.
Microsoft’s 2011 blog post described their “Hacking for Variations” (HfV) process, which involves proactively searching for similar vulnerabilities in a component after an initial issue is reported. This process involves code review, bug database analysis, fuzz testing, and other tools.
Even though this practice was first discovered ten years ago, it is still relevant for software vendors to adopt it if they want to identify and address potential security risks more comprehensively.
0patch recently discovered a zero-day vulnerability in Windows 11 24H2, even after applying the latest Microsoft patches for CVE-2024-21320 and CVE-2024-38030.
This vulnerability allows attackers to exploit a malicious theme file to steal user credentials.
They have informed Microsoft about this problem, but technical information will not be disclosed until the company has released a solution.
Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!
Support Techcratic
If you find value in Techcratic’s insights and articles, consider supporting us with Bitcoin. Your support helps me, as a solo operator, continue delivering high-quality content while managing all the technical aspects, from server maintenance to blog writing, future updates, and improvements. Support Innovation! Thank you.
Bitcoin Address:
bc1qlszw7elx2qahjwvaryh0tkgg8y68enw30gpvge
Please verify this address before sending funds.
Bitcoin QR Code
Simply scan the QR code below to support Techcratic.
Please read the Privacy and Security Disclaimer on how Techcratic handles your support.
Disclaimer: As an Amazon Associate, Techcratic may earn from qualifying purchases.
