Bleeping Computer

New Windows zero-day exposes NTLM credentials, gets unofficial patch

A new zero-day vulnerability has been discovered that allows attackers to capture NTLM credentials by simply tricking the target into viewing a malicious file in Windows Explorer. The flaw was ...
vInfrastructure

NTLM v1 is being removed in recent Windows versions

Finally, with Windows Server 2025 and Windows 11 24H2, Microsoft is taking a definitive step to eliminate an historical security weakness: NTLM v1 is being completely removed! It was already disabled ...
Bleeping Computer

New Windows Themes zero-day gets free, unofficial patches

Free unofficial patches are now available for a new Windows Themes zero-day vulnerability that allows attackers to steal a target's NTLM credentials remotely. NTLM has been extensively exploited in ...
Ars Technica

Windows RDP lets you log in using revoked passwords. Microsoft is OK with that.

From the department of head scratches comes this counterintuitive news: Microsoft says it has no plans to change a remote login protocol in Windows that allows people to log in to machines using ...