Windows Themes Spoofing Vulnerability: A New Threat to User Privacy
Key Information
- Vendor
- Microsoft
- Status
- Windows 10 Version 1809
- Windows Server 2019
- Windows Server 2019 (server Core Installation)
- Windows Server 2022
- Vendor
- CVE Published:
- 9 January 2024
Badges
Summary
The Windows Themes Spoofing Vulnerability, identified as CVE-2024-21320 with a CVSS score of 6.5, allows attackers to coerce victims into sending credentials, typically in the form of NTLM hashes over SMB, to the attacker’s server. This is triggered when a victim views a Theme file in Explorer, causing SMB handshake packets containing credentials to be sent to the attacker's server. All Windows versions are affected as Themes is a built-in feature in the Windows operating system. Microsoft released a patch for this vulnerability in January 2024. The potential impact includes NTLM relay attacks, credential stuffing, and unauthorized access. It is important for organizations to update their endpoints with the latest security patch to mitigate the risk.
Affected Version(s)
Windows 10 Version 1809 < 10.0.17763.5329
Windows Server 2019 < 10.0.17763.5329
Windows Server 2019 (Server Core installation) < 10.0.17763.5329
News Articles
CVSS V3.1
Timeline
- đź‘ľ
Exploit exists.
First article discovered by Akamai
Vulnerability published.
Vulnerability Reserved.