CyberSecurity news


NSFOCUS@nsfocusglobal.com //
A new vulnerability, CVE-2025-24071, has been identified in Windows File Explorer, potentially exposing users to network spoofing attacks. The vulnerability is triggered by specially crafted .library-ms files embedded within compressed archives like RAR or ZIP. When these files are decompressed, they can trigger an SMB authentication request, leading to the disclosure of the user’s NTLM hash. The vulnerability has a CVSS score of 7.5, indicating a significant risk.

Microsoft has released a security announcement and a patch to address the issue across a range of Windows versions, including Windows 10, Windows 11 and Windows Server versions from 2012 R2 to 2022. Users are urged to install the patch as soon as possible to mitigate the risk of exploitation. The vulnerability stems from the implicit trust Windows Explorer places in .library-ms files and from its automatic parsing of them.
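A defensive triage check for the delivery path described above, as an added example that is not from NSFOCUS or Microsoft: it lists every .library-ms member of a ZIP archive and flags those whose content references a remote host. It assumes the crafted file names the SMB server through a UNC path or file:// URL; `scan_zip`, `build_sample` and the sample archive are constructed for illustration, and RAR archives would need a third-party reader.

```python
import io
import re
import zipfile

# Assumption: the remote SMB location appears as a UNC path (\\host\share)
# or a file://host/ URL somewhere in the member's text.
REMOTE_REF = re.compile(r"(\\\\[\w.\-]+\\[\w$.\-]+)|(file://[\w.\-]+/)", re.I)
MAX_READ = 1 << 20  # cap per-member read so a hostile archive cannot exhaust memory


def decode_text(raw: bytes) -> str:
    """Decode member bytes: UTF-16 when a BOM is present, otherwise UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8", errors="replace")


def scan_zip(data: bytes) -> list:
    """Return one finding per .library-ms member of the ZIP held in `data`."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Extension match is case-insensitive, as on Windows.
            if not info.filename.lower().endswith(".library-ms"):
                continue
            with zf.open(info) as fh:
                text = decode_text(fh.read(MAX_READ))
            match = REMOTE_REF.search(text)
            findings.append({
                "member": info.filename,
                "remote_ref": match.group(0) if match else None,
                # Any .library-ms in an archive deserves review; a remote reference raises it.
                "severity": "high" if match else "review",
            })
    return findings


def build_sample() -> bytes:
    """Constructed test archive; member contents are placeholders, not real library files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "plain text member")
        zf.writestr("docs/Report.LIBRARY-MS", r"placeholder \\fileserver.example\share placeholder")
        zf.writestr("local.library-ms", "placeholder with no remote location")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample()):
        print(finding)
```

A check like this fits a mail gateway or download-quarantine step, where the archive can be inspected before a user extracts it in Explorer.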


References:
  • nsfocusglobal.com: Windows File Explorer Spoofing Vulnerability (CVE-2025-24071)
  • www.trendmicro.com: ZDI-CAN-25373: Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns
Classification:
  • HashTags: #Windows #FileExplorer #NTLM
  • Company: Microsoft
  • Target: Windows Users
  • Product: Windows
  • Feature: NTLM Hash Capture
  • Type: Vulnerability
  • Severity: Medium