Patching problems: The “return” of a Windows Themes spoofing vulnerability

Despite two patching attempts, a security issue that may allow attackers to compromise Windows users’ NTLM (authentication) credentials via a malicious Windows themes file still affects Microsoft’s operating system, 0patch researchers have discovered.

The path to discovery

The story starts with CVE-2024-21320, a Windows Themes spoofing vulnerability that was reported by Akamai security researcher Tomer Peled and fixed by Microsoft in January 2024. The vulnerability could be triggered by a .theme file that specified a …

The post Patching problems: The “return” of a Windows Themes spoofing vulnerability appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/10/29/windows-themes-spoofing-vulnerability/
Related news
- Microsoft Patches 125 Flaws Including Actively Exploited Windows CLFS Vulnerability
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware
- WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401)
- Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’
- Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-09 | CVE-2024-21320 | Unspecified vulnerability in Microsoft products Windows Themes Spoofing Vulnerability | 6.5 |