Find notable cyber news and cases, enriched with sources, timelines, and signals.

Windows search URI handler NTLMv2 hash disclosure security flaw (CVE-2026-33829)

Vulnerability
First reported
Last updated
Happening score
H score 24
1 unique sources, 1 articles

Summary

Hide ▲

Windows search: URI handler has an unpatched NTLMv2 hash disclosure flaw that can let an attacker capture a user's Net-NTLMv2 hash through a crafted `search:` link. The weakness is similar to CVE-2026-33829 and can trigger a connection to an attacker-controlled SMB server. Captured hashes may then be reused for relay attacks or authentication.

Related Happenings

CCB urgent patch warning for CVE-2026-41089 on Windows servers

Public Sector Action
H score48 First: 01.06.2026 15:30 Last: 01.06.2026 15:30 Sources 1

About this happening: Belgium's CCB warned that CVE-2026-41089 is being actively exploited in the wild, urging admins to immediately patch vulnerable Windows servers because the fla...

GhostLock CreateFileW share-mode file-locking technique

Technical Analysis
H score24 First: 12.05.2026 01:02 Last: 12.05.2026 01:02 Sources 1

About this happening: GhostLock exposes a file-locking technique that abuses Windows CreateFileW to deny access to files on local systems and SMB shares. Because the method relies on legiti...

APT28 Windows Shell LNK campaign targeting Ukraine and E.U. nations

Campaign
H score39 First: 28.04.2026 08:50 Last: 28.04.2026 08:50 Sources 1

About this happening: A December 2025 APT28 campaign targeted Ukraine and E.U. nations with a malicious Windows Shortcut (LNK) chain that bypassed Microsoft Defender SmartScreen...

Pirated software installer cryptojacking campaign

Campaign
H score35 First: 18.02.2026 18:00 Last: 18.02.2026 18:00 Sources 1

About this happening: A cryptojacking campaign now spreads through pirated software bundles, using a multi-stage infection chain to deploy a bespoke XMRig miner and maintain persistence...

Microsoft NTLM phase-out and disable-by-default plan

Advisory/Mitigation
H score19 First: 02.02.2026 17:59 Last: 02.02.2026 17:59 Sources 1

About this happening: Microsoft is rolling out a three-phase NTLM phase-out for Windows, pushing organizations to audit NTLM usage, migrate to Kerberos, and prepare for NTLM-off con...

Timeline

  1. 03.06.2026 13:18 1 articles · 1mo ago

    Microsoft declines to address Windows search URI handler NTLMv2 hash disclosure flaw

    Legal Policy Action Update

    Following responsible disclosure on April 15, 2026, Microsoft declined to address the Windows search: URI handler issue, saying only Important and Critical severity cases meet its bar for servicing.

    Show sources
  2. 03.06.2026 13:18 2 articles · 1mo ago

    Researchers disclose Windows search URI handler NTLMv2 hash leak

    Initial Disclosure

    Cybersecurity researchers disclosed an unpatched issue in the Windows search: URI handler that can induce a user's computer to connect to an attacker-controlled SMB server through a crafted `search:` link and `crumb=location:` UNC path, exposing the user's Net-NTLMv2 hash. Huntress said the flaw used the same NTLM leakage mechanism and prerequisites as earlier URI-handler abuse, with a technique similar to CVE-2023-35636 and the Windows Snipping Tool issue tied to CVE-2026-33829.

    Show sources