Windows Themes Spoofing Vulnerability: A New Threat to User Privacy
CVE-2024-21320

6.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Windows 10 Version 1809; Windows Server 2019; Windows Server 2019 (server Core Installation); Windows Server 2022
Vendor: CVE Published:; 9 January 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

The Windows Themes Spoofing Vulnerability, identified as CVE-2024-21320 with a CVSS score of 6.5, allows attackers to coerce victims into sending credentials, typically in the form of NTLM hashes over SMB, to the attacker’s server. This is triggered when a victim views a Theme file in Explorer, causing SMB handshake packets containing credentials to be sent to the attacker's server. All Windows versions are affected as Themes is a built-in feature in the Windows operating system. Microsoft released a patch for this vulnerability in January 2024. The potential impact includes NTLM relay attacks, credential stuffing, and unauthorized access. It is important for organizations to update their endpoints with the latest security patch to mitigate the risk.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20402

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.6614

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.5329

News Articles

CVE-2024-38030 CVE-2024-21320

Recurring Windows Flaw Could Expose User Credentials

Now a zero-day, the vulnerability enables NTLM hash theft, an issue that Microsoft has already fixed twice before.

2 months ago

BleepingComputer

CVE-2024-38030 CVE-2024-21320

New Windows Themes zero-day gets free, unofficial patches

Free unofficial patches are now available for a new Windows Themes zero-day vulnerability that allows attackers to steal a target's NTLM credentials remotely.

2 months ago