Black & White Path

Apr 16, 2026 · Information Security

One‑Click NTLM Leak in ms‑screensketch: How the Vulnerability Works

Researchers discovered that certain versions of the Windows screenshot tool ms‑screensketch register a deep‑link URI whose filePath parameter can force an authenticated SMB connection, allowing a remote attacker to capture the user’s Net‑NTLM hash after the victim clicks a malicious link.