BleepingComputer reports that ACROS Security has released unofficial patches for a novel Windows SCF File NTLM hash disclosure zero-day flaw, which could be leveraged to facilitate the compromise of NTLM credentials.
All Windows and Windows Server versions since Windows 7 and Server 2008 R2 are affected by the vulnerability, which was identified during the development of fixes for a separate NTLM hash disclosure bug, said ACROS Security researchers. "Note that while these types of vulnerabilities are not critical and their exploitability depends on several factors (e.g., the attacker either already being in the victim's network or having an external target like a public-facing Exchange server to relay the stolen credentials to), they have been found to be used in actual attacks," noted ACROS Security CEO Mitja Kolsek, who said the free patches will remain available until Microsoft addresses the issue. Microsoft has acknowledged the findings and said it is evaluating a potential fix for the bug.
Threat actors have exploited 159 CVEs during the first three months of 2025, compared with 151 during the last quarter of 2024, with almost a third of vulnerabilities leveraged in attacks within a day of their disclosure, according to The Hacker News.
Clandestine rootkit compromise possible with Linux io_uring interface issue
Rootkit compromise on Linux systems could remain undetected through the exploitation of a security issue impacting the Linux kernel interface io_uring, according to BleepingComputer.