A critical vulnerability affects all Windows operating systems, from Windows 7 and Server 2008 R2 through the latest Windows 11 v24H2 and Server 2025.
This zero-day flaw enables attackers to capture users’ NTLM authentication credentials simply by having them view a malicious file in Windows Explorer.
The vulnerability can be triggered when opening a shared folder, inserting a USB drive containing the malicious file, or even viewing a Downloads folder where such a file was previously downloaded from an attacker’s website.