Windows Under Attack: NTLM Hash Disclosure Spoofing Vulnerability Threatens User Credentials

CVE-2024-43451
6.5 MEDIUM

Key Information

Vendor
Microsoft
Status
Windows Server 2025
Windows Server 2025 (server Core Installation)
Windows 10 Version 1809
Windows Server 2019
CVE Published: 12 November 2024

Badges

😄 Trended | 👾 Exploit Exists | 📰 News Worthy

Summary

The Windows operating system is affected by a spoofing vulnerability, CVE-2024-43451. This flaw allows attackers to increase their privileges and reveal Net-NTLMv2 hashes, putting user credentials at risk. This can lead to "pass-the-hash" attacks, enabling attackers to masquerade as legitimate users without needing their password. Exploitation requires user interaction, but this has not deterred attackers. There have been reports of in-the-wild exploitation of this vulnerability, although the ransomware groups involved are not specified. It is crucial for organizations to apply the necessary patches to protect against this and other security vulnerabilities in the Windows environment.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-43451 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change quickly, as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Windows Server 2025 < 10.0.26100.2314

Windows Server 2025 < 10.0.26100.2240

Windows Server 2025 (Server Core installation) < 10.0.26100.2314

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • 👾 Exploit exists.

  • Vulnerability started trending.

  • First article discovered by Help Net Security

  • Vulnerability published.

Collectors

NVD Database, Mitre Database, CISA Database, Microsoft Feed, 6 News Article(s)