NTLM Hash Disclosure Spoofing Vulnerability in Microsoft Products
CVE-2025-21377

6.5 MEDIUM

Summary

The NTLM hash disclosure spoofing vulnerability in Microsoft products allows attackers to exploit weak authentication mechanisms, leading to the potential disclosure of NTLM hashes. This can facilitate unauthorized access to user accounts and sensitive information. Affected versions of Microsoft Windows 10 and Windows Server may be particularly susceptible to targeted attacks. It is essential for organizations to apply the recommended security updates and implement best practices to safeguard against this vulnerability.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20915

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.7785

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.6893

News Articles

Microsoft Patch Tuesday, February 2025 Edition

Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited.

2 weeks ago

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • First article discovered by Krebs on Security

  • Vulnerability published

  • Vulnerability Reserved