A newly patched Windows exploit can be easily triggered by unsuspecting users.

A newly patched Windows exploit can be still be triggered without opening a suspicious file. The exploit allows a threat actor to steal a users NTLMv2 hash. The exploit has been used in the wild by a Russian threat actor. The threat actor has been sending phishing emails from a compromised Ukrainian government server.

Read more:

https://www.securityweek.com/windows-zero-day-exploited-by-russia-triggered-with-file-drag-and-drop-delete-actions/