A newly disclosed vulnerability in Windows’ search: URI handler exposes users’ NTLMv2 credential hashes to attacker-controlled servers with a single link click, and Microsoft has declined to assign a CVE or issue a patch. The flaw, reported to Microsoft on April 15, 2026, one day after the company patched CVE-2026-33829 in the Windows Snipping Tool, is technically […]
The post Windows Search URI Flaw Leaks NTLMv2 Hashes to Attackers appeared first on Cyber Security News.