Windows Search URI Vulnerability Exposes Net‑NTLMv2 Hashes — No Patch Available

Colleagues, a cybersecurity advisory.
Huntress discovered that search: with crumb=location can trigger an SMB connection to an attacker‑controlled server and disclose Net‑NTLMv2 hashes.
Key points:
- Disclosure occurs when a user clicks a specially crafted link.
- Harvested hashes can be used for relay attacks and privilege escalation.
- Microsoft declined to issue a patch following responsible disclosure.
Recommendations: block outbound SMB (ports 445/139), enable SMB signing, and disable NTLM where feasible.
Why it matters: absence of a fix increases the risk of network compromise.
What additional mitigations are you implementing?
#cybersecurity #Windows #NTLM #SMB


Latest comments
No comments yet.