Security experts have recently uncovered a Windows Themes spoofing zero-day vulnerability that allows threat actors to steal NTLM credentials. Earlier in 2024, Microsoft discovered, and patched, CVE-2024-21320 – a similar vulnerability with a 6.5 severity score (medium). The patch did not address the issue entirely, and could be bypassed, resulting in the discovery of CVE-2024-38030. […]