Microsoft Windows Core Shell Spoofing Vulnerability Allowing External Control of File Names or Paths

A spoofing vulnerability has been identified in Windows Core Shell, where external control of file names or paths allows unauthorized attackers to perform spoofing over a network. This vulnerability affects multiple Windows products, including various versions of Windows 10, Windows 11, Windows Server 2012 R2, Windows Server 2016, Windows Server 2022, Windows Server 2019, and Windows Server 2025. The vulnerability arises from the ability to manipulate file names or paths, potentially leading to the unauthorized disclosure of NTLM hash values under certain user interactions.

Impact

Exploitation of this vulnerability could lead to unauthorized spoofing actions over the network, with the potential for NTLM hash values to be leaked, according to Microsoft.

Remediation

Users can download the security update for this vulnerability through the Microsoft Update Catalog. Specific update details can be found in the Microsoft Knowledge Base articles linked within the product update guidance.