0patch releases yet another free fix for yet another 0day vulnerability in Windows that Microsoft has not addressed



Security issues in Windows crop up with scary frequency, and most are fixed by Microsoft… eventually. But while the tech giant works out how to patch holes in its buggy operating system, there are — thankfully — others who are willing to do the fixing faster.

0patch is a familiar name. It is a firm that, on a subscription basis, provides support and security fixes for versions of Windows that Microsoft has abandoned. It also frequently releases free patches for security issues that Microsoft is yet to fix, and this has just happened again with a fix for a worrying SCF File NTLM hash disclosure 0day vulnerability.


The security hole affects every version of Windows from Windows 7 up to the latest build of Windows 11, as well as Windows Server from 2008 to 2025. 0patch says that the “impact and attack scenarios of this issue are identical to that of a previously discovered 0day in URL files (subsequently patched by Microsoft)”, but says that the flaw is somewhat different.

In a blog post about the release of the micropatches for the SCF File NTLM hash disclosure vulnerability, 0patch says:

While patching a SCF File NTLM hash disclosure issue on our security-adopted Windows versions, our researchers discovered a related vulnerability on all Windows Workstation and Server versions from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2025. The vulnerability allows an attacker to obtain user’s NTLM credentials by having the user view a malicious file in Windows Explorer — e.g., by opening a shared folder or USB disk with such file, or viewing the Downloads folder where such file was previously automatically downloaded from attacker’s web page.

The company is not providing details about the vulnerability in a bid to reduce the risk of exploitation, but will undoubtedly do so in due course. This is likely to be when Microsoft produces an official fix — whenever that might be — although older versions of Windows will never receive a Microsoft-sanctioned patch, of course.

More information about the vulnerability, as well as details of how to get hold of the patches for free, can be found here.

Image credit: Andrii Zorii / Dreamstime.com



