0patch releases yet another free fix for yet another 0day vulnerability in Windows that Microsoft has not addressed

Date: 2025-03-26

Security issues in Windows crop up with scary frequency, and most are fixed by Microsoft… eventually. But while the tech giant works out how to patch holes in its buggy operating system, there are -- thankfully -- others who are willing to do the fixing faster.

0patch is a familiar name. It is a firm that, on a subscription basis, provides support and security fixes for versions of Windows that Microsoft has abandoned. It also frequently releases free patches for security issues that Microsoft is yet to fix, and this has just happened again with a fix for a worrying SCF File NTLM hash disclosure 0day vulnerability.

The security hole affects every version of Windows from Windows 7 up to the latest build of Windows 11, as well as Windows Server from 2008 to 2025. 0patch says that the “impact and attack scenarios of this issue are identical to that of a previously discovered 0day in URL files (subsequently patched by Microsoft)”, but says that the flaw is somewhat different.

In a blog post about the release of the micropatches for the SCF File NTLM hash disclosure vulnerability, 0patch says:

While patching a SCF File NTLM hash disclosure issue on our security-adopted Windows versions, our researchers discovered a related vulnerability on all Windows Workstation and Server versions from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2025. The vulnerability allows an attacker to obtain user's NTLM credentials by having the user view a malicious file in Windows Explorer -- e.g., by opening a shared folder or USB disk with such file, or viewing the Downloads folder where such file was previously automatically downloaded from attacker's web page.

The company is not providing details about the vulnerability in a bid to reduce the risk of exploitation, but will undoubtedly do so in due course. This is likely to be when Microsoft produces an official fix -- whenever that might be -- although older versions of Windows will never receive a Microsoft-sanctioned patch, of course.

More information about the vulnerability, as well as details of how to get hold of the patches for free, can be found here.
