Windows Users at Risk: New Zero-Day Exploit Steals Passwords Without Interaction

Highlights

New Windows zero-day vulnerability allows hackers to steal NTLM credentials just by previewing a malicious file. No Microsoft patch available yet.

A newly discovered zero-day vulnerability in Windows is putting users at serious risk by allowing attackers to steal passwords without any user action. This exploit affects all major Windows versions, including Windows 7, Windows 11 v24H2, and Server 2025. Currently, Microsoft has not released an official patch to address this issue, leaving millions of users vulnerable.

How the Windows Password Theft Exploit Works

Security researcher Mitja Kolsek from ACROS Security privately reported the flaw to Microsoft. While full technical details remain undisclosed, the vulnerability enables cybercriminals to extract NTLM (NT LAN Manager) credentials by merely having a user preview a malicious file in Windows Explorer. Opening or executing the file is unnecessary; simply viewing it is enough to trigger the attack.

NTLM is a widely used authentication protocol in Windows, making this flaw particularly dangerous. Stolen credentials can be leveraged to conduct relay attacks, bypass security measures, and gain unauthorised access to corporate and personal networks. Although Kolsek classified the issue as not "critical," similar vulnerabilities have been actively exploited in real-world cyberattacks.

No Official Microsoft Fix Yet – Temporary Solution Available

Microsoft has acknowledged the security risk but has not yet provided an official fix. A Microsoft spokesperson stated, "We are aware of this report and will take necessary action to protect customers." However, a patch may not arrive until the next scheduled security update, leaving users exposed for now.

To mitigate the risk, ACROS Security has developed a temporary micro-patch available through its 0patch platform. This patch applies in memory without requiring a full system update. It is free to use until Microsoft delivers an official fix, and all Windows users are urged to install it as soon as possible.

Chrome-Based Zero-Day Adds to Cybersecurity Concerns

Compounding the threat, a separate zero-day vulnerability has been found in Google Chrome and other Chromium-based browsers like Microsoft Edge. Security firm Kaspersky uncovered this exploit, which allows attackers to bypass Chrome’s sandbox protection with a single malicious link click.

The attack, dubbed Operation ForumTroll, has mainly targeted media organisations, educational institutions, and government agencies, particularly in Russia. Identified as CVE-2025-2783, the exploit showcases an advanced level of sophistication, leading cybersecurity experts to suspect its use in cyber-espionage campaigns.

How to Protect Yourself

For Windows Users:

  • Install the temporary 0patch fix immediately to prevent credential theft.
  • Avoid previewing or interacting with unfamiliar files in Windows Explorer.
  • Be cautious of phishing emails that may contain malicious attachments.

For Chrome and Edge Users:

  • Update your browser to the latest version to safeguard against the Chromium zero-day exploit.
  • Avoid clicking on suspicious links, especially in unsolicited emails.
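For administrators who cannot rely on the 0patch micro-patch alone, the following PowerShell script is an added example of the general hardening that defends against the NTLM-leak class of bug described above (an application on the victim host authenticating outbound to an attacker-controlled server). It is not code from the article, ACROS Security or 0patch, and, since the flaw's details are undisclosed, it assumes the leak travels over SMB as such bugs usually do. It assumes an elevated PowerShell session on a Windows host; the registry value it sets backs the Group Policy setting "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers", and the firewall rule name and the 24-hour lookback are arbitrary choices.

```powershell
# Added hardening and audit script (not from the article or 0patch). Assumes an
# elevated session. Steps: (1) put outbound NTLM into audit mode so any leak shows
# up in the event log, (2) block outbound SMB (TCP 445) to Internet addresses,
# the usual path for "preview a file, leak NTLM" bugs, (3) list audited attempts.

#Requires -RunAsAdministrator

$lsaPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

# RestrictSendingNTLMTraffic: 0 = allow all, 1 = audit all, 2 = deny all.
# Start in audit mode; move to 2 only once the 8001 events show no legitimate
# internal server still depends on outbound NTLM from this host.
function Set-OutboundNtlmMode {
    param([ValidateSet(0, 1, 2)][int]$Mode = 1)
    New-ItemProperty -Path $lsaPath -Name 'RestrictSendingNTLMTraffic' `
        -PropertyType DWord -Value $Mode -Force | Out-Null
    Get-ItemPropertyValue -Path $lsaPath -Name 'RestrictSendingNTLMTraffic'
}

# Block outbound SMB to Internet addresses only, so local file servers keep
# working. File servers reached across a WAN need an explicit allow rule.
function Block-OutboundSmbToInternet {
    $name = 'Block outbound SMB (TCP 445) to Internet - NTLM leak mitigation'
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Outbound -Protocol TCP `
            -RemotePort 445 -RemoteAddress 'Internet' -Action Block -Profile Any | Out-Null
    }
    Get-NetFirewallRule -DisplayName $name | Select-Object DisplayName, Enabled, Action
}

# Event ID 8001 in Microsoft-Windows-NTLM/Operational records each outbound NTLM
# authentication that audit mode would have blocked. The target server named in
# the message is what to compare against the list of known internal servers;
# an unknown external host there is the indicator to investigate.
function Get-OutboundNtlmAuditEvents {
    param([int]$Hours = 24)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-NTLM/Operational'
        Id        = 8001
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id,
            @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }
}

Set-OutboundNtlmMode -Mode 1
Block-OutboundSmbToInternet
Get-OutboundNtlmAuditEvents -Hours 24 | Format-Table -AutoSize
```

Audit mode is chosen deliberately: switching straight to deny (value 2) on a host that still talks NTLM to legacy internal servers breaks logins and file access, whereas a week of 8001 events gives the exact server list to whitelist before enforcing. The firewall rule covers only SMB; a leak carried over WebDAV (HTTP) would still need the outbound NTLM restriction to catch it.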

As cybersecurity threats continue to evolve, staying proactive with software updates and security patches is crucial to safeguarding sensitive data.
