Windows Themes Spoofing Vulnerability: A New Threat to User Privacy

Summary

The Windows Themes Spoofing Vulnerability, identified as CVE-2024-21320 with a CVSS score of 6.5, allows attackers to coerce victims into sending credentials, typically in the form of NTLM hashes over SMB, to the attacker’s server. This is triggered when a victim views a Theme file in Explorer, causing SMB handshake packets containing credentials to be sent to the attacker's server. All Windows versions are affected as Themes is a built-in feature in the Windows operating system. Microsoft released a patch for this vulnerability in January 2024. The potential impact includes NTLM relay attacks, credential stuffing, and unauthorized access. It is important for organizations to update their endpoints with the latest security patch to mitigate the risk.

News Articles

CVE-2024-38030CVE-2024-21320

Windows Themes 0-day opens door to NTLM credential theft

There's a Windows Themes spoofing zero-day bug on the loose that allows attackers to steal people's NTLM credentials. That's the bad news. The good news: Acros Security's 0patch has developed a free...

3 weeks ago

CVE-2024-38030CVE-2024-21320

Recurring Windows Flaw Could Expose User Credentials

Now a zero-day, the vulnerability enables NTLM hash theft, an issue that Microsoft has already fixed twice before.

3 weeks ago

BleepingComputer

CVE-2024-38030CVE-2024-21320

New Windows Themes zero-day gets free, unofficial patches

Free unofficial patches are now available for a new Windows Themes zero-day vulnerability that allows attackers to steal a target's NTLM credentials remotely.

3 weeks ago

More News...