Summary

Cybersecurity researchers have identified an unpatched vulnerability in the Windows Search URI handler that could allow attackers to steal NTLMv2 hashes. This issue is similar to a previously identified vulnerability in the Windows Snipping Tool's URI handler.

Key Points

• The vulnerability resides in the search: URI handler of Windows systems.
• It can be exploited to disclose a user's NTLMv2 hash to an attacker.
• The issue is similar to CVE-2026-33829, which affected the Windows Snipping Tool's ms-screensketch: URI handler.
• The vulnerability has been disclosed by cybersecurity firm Huntress.

Analysis

The unpatched vulnerability in the Windows Search URI handler poses a significant security risk as it can lead to the exposure of sensitive authentication data, specifically NTLMv2 hashes. This type of vulnerability is critical because it can potentially allow attackers to gain unauthorized access to systems by leveraging stolen hashes. The similarity to CVE-2026-33829 highlights a recurring issue with URI handlers in Windows applications.

Conclusion

IT professionals should be aware of this unpatched vulnerability and monitor for any updates or patches from Microsoft. It is recommended to implement network segmentation and monitoring to detect any unauthorized attempts to exploit this vulnerability.