New Windows Zero-Day Vulnerability Leaks NTLM Hashes

A new zero-day vulnerability in Windows allows remote attackers to steal NTLM credentials by tricking targets into viewing malicious files in Windows Explorer. Unofficial patches are available for free to address this flaw. Attackers can exploit this vulnerability using specially crafted files to trigger a leak of NTLM hashes, which can then be used for pass-the-hash attacks. This vulnerability has not yet been assigned a CVE, but temporary solutions are available to protect systems while awaiting an official patch from Microsoft.