CVE-2024-43451 - Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability

CVE-2024-43451: Microsoft | Windows

Date Added:
2024-11-12

Due Date:
2024-12-03

Vulnerability Name: Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability

Description: Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a file open operation. The attacker could then leverage this hash to impersonate that user.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43451

Related News Articles

How a Windows zero-day was exploited in the wild for months (CVE-2024-43451)November 14, 2024

Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing EmailsNovember 14, 2024

Microsoft Fixes 90 New Flaws, Including Actively Exploited NTLM and Task Scheduler BugsNovember 13, 2024

Free security scan for your website

Don't show website scan report rating on the leaderboard