Microsoft has become hypocritical over the past few years with the release of Windows 11 and its insistence on TPM 2.0 being non-negotiable for security reasons, while being notified of three zero-day vulnerabilities and sitting on them without taking any action to patch. 0patch takes up the slack once again, as usual. Companies that have business models like MS usually don’t end up on the good end of the stick. Pushing hypocrisy for money. Let the alarm bells ring!!
0patch notes that this is the third zero-day vulnerability they recently reported to Microsoft that the vendor has not taken immediate action to address.
The other two are the Mark of the Web (MotW) bypass on Windows Server 2012, made known late last month, and a Windows Themes vulnerability allowing remote NTLM credentials theft, disclosed in late October. Both issues remain unfixed.
0patch says that other NTLM hash disclosure flaws disclosed in the past, like PetitPotam, PrinterBug/SpoolSample, and DFSCoerce, all remain without an official fix in the latest Windows versions, leaving users with only the 0patch-provided micro-patches.