Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
Summary
Cybersecurity researchers have disclosed details of an unpatched vulnerability in the Windows Search URI handler that allows attackers to steal users' NTLMv2 hashes. This vulnerability is similar to a previously disclosed issue in the Windows Snipping Tool.
IFF Assessment
This vulnerability allows attackers to steal sensitive NTLMv2 hashes, which can then be used for credential stuffing or further attacks, posing a direct threat to defenders.
Severity
The vulnerability allows for remote code execution by tricking a user into clicking a specially crafted link, impacting confidentiality and integrity. The attack vector is network-based and requires minimal privileges.
Defender Context
This unpatched vulnerability highlights the ongoing risks associated with URI handlers and the importance of timely patching. Defenders should be aware of the potential for NTLMv2 hash leakage and ensure systems are updated as soon as a patch becomes available.