Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

Windows search URI handler NTLMv2 hash disclosure security flaw (CVE-2026-33829)

Vulnerability
First reported
Last updated
Happening score
H score 24
1 unique sources, 1 articles

Summary

Hide ▲

Windows search: URI handler has an unpatched NTLMv2 hash disclosure flaw that can let an attacker capture a user's Net-NTLMv2 hash through a crafted `search:` link. The weakness is similar to CVE-2026-33829 and can trigger a connection to an attacker-controlled SMB server. Captured hashes may then be reused for relay attacks or authentication.

Related Happenings

CCB urgent patch warning for CVE-2026-41089 on Windows servers

Public Sector Action
First: 01.06.2026 15:30 Last: 01.06.2026 15:30 Sources 1

About this happening: Belgium's **CCB** warned that **CVE-2026-41089** is being **actively exploited in the wild**, urging admins to **immediately patch** vulnerable **Windows servers** because the fla...

Open Happening

GhostLock CreateFileW share-mode file-locking technique

Technical Analysis
First: 12.05.2026 01:02 Last: 12.05.2026 01:02 Sources 1

About this happening: **GhostLock** exposes a file-locking technique that abuses **Windows CreateFileW** to deny access to files on **local systems and SMB shares**. Because the method relies on legiti...

Open Happening

APT28 Windows Shell LNK campaign targeting Ukraine and E.U. nations

Campaign
First: 28.04.2026 08:50 Last: 28.04.2026 08:50 Sources 1

About this happening: A **December 2025** **APT28** campaign targeted **Ukraine** and **E.U. nations** with a **malicious Windows Shortcut (LNK)** chain that bypassed **Microsoft Defender SmartScreen**...

Open Happening

Pirated software installer cryptojacking campaign

Campaign
First: 18.02.2026 18:00 Last: 18.02.2026 18:00 Sources 1

About this happening: A **cryptojacking campaign** now spreads through **pirated software bundles**, using a **multi-stage infection chain** to deploy a **bespoke XMRig miner** and maintain persistence...

Open Happening

Microsoft NTLM phase-out and disable-by-default plan

Advisory/Mitigation
First: 02.02.2026 17:59 Last: 02.02.2026 17:59 Sources 1

About this happening: **Microsoft** is rolling out a **three-phase NTLM phase-out** for **Windows**, pushing organizations to audit NTLM usage, migrate to **Kerberos**, and prepare for **NTLM-off** con...

Open Happening

Timeline

  1. 03.06.2026 13:18 1 articles · 8h ago

    Microsoft declines to address Windows search URI handler NTLMv2 hash disclosure flaw

    Legal Policy Action Update

    Following responsible disclosure on April 15, 2026, Microsoft declined to address the Windows search: URI handler issue, saying only Important and Critical severity cases meet its bar for servicing.

    Show sources
    Open in new tab
  2. 03.06.2026 13:18 2 articles · 8h ago

    Researchers disclose Windows search URI handler NTLMv2 hash leak

    Initial Disclosure

    Cybersecurity researchers disclosed an unpatched issue in the Windows search: URI handler that can induce a user's computer to connect to an attacker-controlled SMB server through a crafted `search:` link and `crumb=location:` UNC path, exposing the user's Net-NTLMv2 hash. Huntress said the flaw used the same NTLM leakage mechanism and prerequisites as earlier URI-handler abuse, with a technique similar to CVE-2023-35636 and the Windows Snipping Tool issue tied to CVE-2026-33829.

    Show sources
    Open in new tab