Dec 8, 05:36 PM

Zero-Day Vulnerability CVE-2024-38193 Discovered in All Windows Versions, Third-party Patch Available

A critical zero-day vulnerability has been discovered in all versions of Windows, allowing for the potential theft of authentication credentials without user interaction. This security flaw, identified as CVE-2024-38193, can be exploited simply by viewing a malicious file in File Explorer. A third-party patch has been released by #0patch to address this issue, which has already been exploited in the wild. The vulnerability is particularly concerning due to its ability to hijack NTLM hashes, posing significant risks to user security and system integrity.

#Windows #File Explorer #NTLM

Written with ChatGPT (GPT-4o mini).

Sources

Nicolas Krassas@Dinosn
1 year ago
Windows Zero-Day Vulnerability CVE-2024-38193 Exploited in the Wild: PoC Published https://t.co/I632HOYUe7
Nicolas Krassas@Dinosn
1 year ago
Activation Context Hijacking: “Eclipse” PoC Weaponizes Trusted Processes https://t.co/y6CpObql9x
Tom's Hardware@tomshardware
1 year ago
Zero-day Windows NTLM hash vulnerability gets patched by third-party —credentials can be hijacked by merely viewing a malicious file in File Explorer https://t.co/YKtwmsjlk0 https://t.co/KAsc9vas0g

Zero-Day Vulnerability CVE-2024-38193 Discovered in All Windows Versions, Third-party Patch Available

Sources

Additional media

Similar Stories