A newly reported Windows flaw can expose a user's NTLMv2 password hash, which attackers can try to crack or relay for unauthorized access. The issue affects the Windows Search URI protocol and can be triggered through crafted links or files that cause Windows to connect to an attacker-controlled server. The article indicates the bug is unpatched and enables hash disclosure rather than direct code execution.
Why it matters: Organizations that still rely on NTLM authentication could be exposed to credential theft from a single malicious link or lure, making this a meaningful phishing and lateral-movement risk. Defenders should block or monitor outbound SMB and WebDAV traffic, reduce NTLM use where possible, and warn users not to open unexpected search-related links or files until Microsoft issues a fix.
info@thehackernews.com (The Hacker News)
2026.06.03
100% relevant
This appears to establish a distinct new story about an unpatched Windows Search URI credential-leak vulnerability, and it does not match any existing tracked story in the list.
← Back to all stories