BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

New Windows Search Flaw Leaks NTLM Passwords

Unpatched Windows search flaw leaks NTLMv2 hashes via malicious links; Microsoft declines fix.

  • An unpatched vulnerability in the Windows search URI handler can leak a user’s sensitive NTLMv2 authentication hash.
  • The flaw allows attackers to capture hashes via specially crafted links, similar to a patched issue, CVE-2026-33829, in the Snipping Tool.
  • Microsoft declined to fix the issue, rating it below their servicing bar for security updates.
  • Experts recommend blocking outbound SMB traffic and enforcing SMB signing to mitigate the risk.

Cybersecurity researchers disclosed an unpatched vulnerability in June 2026 that exposes users’ NTLMv2 hashes. This flaw, found in the Windows search: URI handler, was documented by Huntress.

- Advertisement -

Like a previous spoofing vulnerability, CVE-2026-33829, this issue can be triggered by a malicious link. Consequently, clicking such a link forces the system to connect to an attacker-controlled server.

Specifically, the attack uses a “crumb=location:” parameter to initiate the connection. This mechanism, CVE-2023-35636, was previously documented by Varonis for stealing hashes.

The captured NTLMv2 hash can then be used in relay attacks. Attackers leverage these to gain deeper network access.

Following responsible disclosure on April 15, 2026, Microsoft declined to release a patch. The company stated “only Important and Critical severity cases meet our bar for servicing.”

- Advertisement -

Security professionals now advise blocking outbound SMB ports on non-essential hosts. Meanwhile, enforcing SMB signing and disabling NTLM where possible are also recommended defenses.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

OpenAI Questions Merit of Apple’s Trade Secrets Suit

Apple accused OpenAI of targeting current and former employees to obtain confidential documents, designs,...

Senate to vote on crypto bill amid ethics corruption debate

The US Senate is expected to vote before August 10 on the CLARITY Act,...

IBM shares plummet 25% after earnings miss, worst drop in decades

IBM shares plunged up to 25% on Tuesday after missing Q2 earnings expectations, marking...

DeepMind CEO: AGI just years away, demands new US safety tests

Google DeepMind CEO Demis Hassabis predicts AGI will arrive within a few years, comparing...

Warsh: No Stablecoin Bailout, GENIUS Act Deadline Near

Federal Reserve Chair Kevin Warsh told lawmakers the central bank will not bail out...

Must Read

8 Best Crypto Debit Cards For Spending Your Digital Tokens

What are | How we chose | Best crypto debit cards | Binance Card? | FAQ | Final WordsCrypto debit cards have transformed how...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading