A new zero-day vulnerability in Windows Themes enables remote NTLM credential theft across Windows 7 to 11 24H2 versions, triggered simply by viewing malicious theme files. While Microsoft has patched related vulnerabilities, this flaw remains unaddressed. In response, ACROS Security offers free micropatches via its 0patch service until Microsoft provides an official fix. Microsoft is aware of the issue and working on a solution; users can apply temporary protection by blocking NTLM hashes through group policy settings.