Windows Themes Spoofing Vulnerability: A New Threat to User Privacy

CVE-2024-21320

6.5MEDIUM

Key Information

Vendor: Microsoft
Status: Windows 10 Version 1809; Windows Server 2019; Windows Server 2019 (server Core Installation); Windows Server 2022
Vendor: CVE Published:; 9 January 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

The Windows Themes Spoofing Vulnerability, identified as CVE-2024-21320 with a CVSS score of 6.5, allows attackers to coerce victims into sending credentials, typically in the form of NTLM hashes over SMB, to the attacker’s server. This is triggered when a victim views a Theme file in Explorer, causing SMB handshake packets containing credentials to be sent to the attacker's server. All Windows versions are affected as Themes is a built-in feature in the Windows operating system. Microsoft released a patch for this vulnerability in January 2024. The potential impact includes NTLM relay attacks, credential stuffing, and unauthorized access. It is important for organizations to update their endpoints with the latest security patch to mitigate the risk.

Affected Version(s)

Windows 10 Version 1809 < 10.0.17763.5329

Windows Server 2019 < 10.0.17763.5329

Windows Server 2019 (Server Core installation) < 10.0.17763.5329

News Articles

Akamai

CVE-2024-21320

Leaking NTLM Credentials Through Windows Themes | Akamai

In this latest piece of research by Tomer Peled, see how a seemingly innocuous personalization option can trigger an authentication coercion.

6 months ago

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

👾
Exploit exists.
Jul 20, 2024
First article discovered by Akamai
Mar 6, 2024
Vulnerability published.
Jan 9, 2024
Vulnerability Reserved.
Dec 8, 2023

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed1 News Article(s)