Free unofficial patches released for Windows Themes zero-day vulnerability
A new zero-day vulnerability in Windows Themes allows attackers to steal NTLM credentials remotely. Unofficial patches are now available for all affected Windows versions, from Windows 7 to Windows 11 24H2, until Microsoft releases an official fix. The vulnerability was discovered by ACROS Security while addressing another issue. Their micropatch blocks exploitation of the flaw, in which viewing a malicious theme file could trigger unauthorized network requests. Users can obtain the free micropatch through the 0patch service. Microsoft is aware of the issue and plans to release an official patch soon. Meanwhile, users can implement mitigation measures to enhance security.