Researchers disclosed an unpatched NTLM coercion vulnerability in the Windows search: URI handler that allows attackers to steal Net-NTLMv2 hashes via a malicious link or command execution. Despite sharing the same severity and underlying mechanism as a recently patched Snipping Tool vulnerability (CVE-2026-33829), Microsoft declined to service this flaw. Defenders must rely on environmental mitigations like blocking outbound SMB and restricting NTLM traffic to prevent exploitation.