Windows Search URI Flaw Leaks NTLMv2 Hashes – Unpatched

🟠 High | Source: The Hacker News

An unpatched vulnerability in Windows’ ‘search:’ URI handler can be exploited to leak a user’s NTLMv2 credential hash to an attacker, similar to a recently disclosed flaw in the Windows Snipping Tool (CVE-2026-33829). NTLMv2 hashes can be cracked offline or used in relay attacks to authenticate as the victim. The vulnerability remains unpatched, making it an active risk for any Windows environment, including cloud-connected hybrid setups. ...

3 June 2026 · ZX Cloud Security