• 0Patch : Micropatches released for SCF File NTLM Hash Disclosure Vulnerability

    Home » Forums » Cyber Security Information and Advisories » Code Red – Security/Privacy advisories » 0Patch : Micropatches released for SCF File NTLM Hash Disclosure Vulnerability

    Author
    Topic
    Alex5723
    AskWoody Plus
    March 26, 2025 at 12:10 pm #2758307

    Micropatches released for SCF File NTLM Hash Disclosure Vulnerability (0day)

    While patching a SCF File NTLM hash disclosure issue on our security-adopted Windows versions, our researchers discovered a related vulnerability on all Windows Workstation and Server versions from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2025. The vulnerability allows an attacker to obtain user’s NTLM credentials by having the user view a malicious file in Windows Explorer – e.g., by opening a shared folder or USB disk with such file, or viewing the Downloads folder where such file was previously automatically downloaded from attacker’s web page…

    We reported this issue to Microsoft, and – as usual – issued micropatches for it that will remain free until Microsoft has provided an official fix…

    Since this is a “0day” vulnerability with no official vendor fix available, we are providing our micropatches for free until such fix becomes available…

    We are withholding details on this vulnerability until Microsoft’s fix becomes available to minimize the risk of malicious exploitation. ..

    4 users thanked author for this post.
    CraigS26, jburk07, Lars220, Cybertooth
    Reply | Quote
    Viewing 1 reply thread
    Author
    Replies
    • Alex5723
      AskWoody Plus
      March 27, 2025 at 3:09 am #2758415
      Reply | Quote
    • CraigS26
      AskWoody Plus
      March 27, 2025 at 12:41 pm #2758501

      I associated Opatch with Windows ONLY. Alex’s 1st Link produced a nice surprise About OFFICE I was unaware of (several years of Opatch PRO for me thanks to Susan’s prior post/advice).

      Did you know Opatch will security-adopt Windows 10 — and — Office 2016 (mine) /2019 — when they go out of support in October 2025, allowing you to keep using them for at least 5 more years? Read more about it here.

      W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

      3 users thanked author for this post.
      Lars220, Cybertooth, Alex5723
      Reply | Quote
    Viewing 1 reply thread
    Reply To: 0Patch : Micropatches released for SCF File NTLM Hash Disclosure Vulnerability

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    April 2025
    S M T W T F S
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.