1. Home
  2. Vulnerabilities
  3. CVE-2024-43451
Known Exploited Vulnerability
6.5
MEDIUM CVSS 3.1
CVE-2024-43451
Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability - [Actively Exploited]
Description

NTLM Hash Disclosure Spoofing Vulnerability

INFO

Published Date :

Nov. 12, 2024, 6:15 p.m.

Last Modified :

Oct. 28, 2025, 2:15 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a file open operation. The attacker could then leverage this hash to impersonate that user.

Required Action :

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notes :

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43451

Affected Products

The following products are affected by CVE-2024-43451 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Microsoft windows_server_2008
2 Microsoft windows_server_2012
3 Microsoft windows_server_2016
4 Microsoft windows_server_2019
5 Microsoft windows_10_1607
6 Microsoft windows_10_1809
7 Microsoft windows_10_21h2
8 Microsoft windows_10_22h2
9 Microsoft windows_server_2022
10 Microsoft windows_11_22h2
11 Microsoft windows_10_1507
12 Microsoft windows
13 Microsoft windows_11_23h2
14 Microsoft windows_server_2022_23h2
15 Microsoft windows_server_23h2
16 Microsoft windows_server_2012_r2
17 Microsoft windows_server_2008_r2
18 Microsoft windows_server_2008_sp2
19 Microsoft windows_11_24h2
20 Microsoft windows_server_2025
: Total Affected Vendor : 1 | Products : 20
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 MEDIUM [email protected]
Solution
A vulnerability exists in Microsoft Windows that could allow for NTLM hash disclosure.
  • Apply the appropriate security update or cumulative update for your operating system.
  • Consider applying the HotPatch where applicable.
Public PoC/Exploit Available at Github

CVE-2024-43451 has a 4 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-43451.

URL Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451 Patch Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-43451 US Government Resource
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-43451 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-43451 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
mclperera/patchintel

None

Python

Updated: 2 weeks, 3 days ago
0 stars 0 fork 0 watcher
Born at : Nov. 6, 2025, 2:41 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
RonF98/CVE-2024-43451-POC

CVE-2024-43451 is a Windows NTLM vulnerability that allows an attacker to force authentication and capture NTLM hashes by using malicious shortcuts.

Updated: 4 months, 3 weeks ago
14 stars 1 fork 1 watcher
Born at : Jan. 20, 2025, 3:30 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
Castro-Ian/CVE-2024-4573-Mitigation-Script

None

PostScript

Updated: 11 months ago
0 stars 0 fork 0 watcher
Born at : Dec. 30, 2024, 6:54 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
ums91/CISA_BOT

CISA Bot is a GitHub bot that automatically monitors the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog. When new vulnerabilities are published in the KEV, the bot creates GitHub issues in this repository with detailed information about each vulnerability.

Python

Updated: 3 months ago
2 stars 1 fork 1 watcher
Born at : Oct. 29, 2024, 10:19 a.m. This repo has been linked 206 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-43451 vulnerability anywhere in the article.

  • Daily CyberSecurity
AWS Guarantees 60-Minute Recovery Time with New Route 53 Accelerated Recovery

Earlier, a severe outage in Amazon’s cloud computing service AWS disrupted thousands of major websites, leaving users unable to access online platforms and causing significant operational losses for t ... Read more

Published Date: Nov 28, 2025 (5 days, 21 hours ago)
  • Daily CyberSecurity
Zombie Protocol: How NTLM Flaws Like CVE-2024-43451 Are Haunting 2025

A new report from Kaspersky Labs reveals that despite being over two decades old, the NTLM authentication protocol remains a critical security liability in 2025. Cybercriminals are actively exploiting ... Read more

Published Date: Nov 28, 2025 (6 days, 4 hours ago)
  • The Hacker News
ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories

Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there's a lot happening in the cyber world.Criminals are getting crea ... Read more

Published Date: Nov 27, 2025 (6 days, 20 hours ago)
  • CybersecurityNews
Hackers Exploit NTLM Authentication Flaws to Target Windows Systems

More than two decades after its initial discovery, the NTLM authentication protocol continues to plague Windows systems worldwide. What started in 2001 as a theoretical vulnerability has evolved into ... Read more

Published Date: Nov 26, 2025 (1 week ago)
  • Kaspersky
Old tech, new vulnerabilities: NTLM abuse, ongoing exploitation in 2025

Just like the 2000s Flip phones grew popular, Windows XP debuted on personal computers, Apple introduced the iPod, peer-to-peer file sharing via torrents was taking off, and MSN Messenger dominated on ... Read more

Published Date: Nov 26, 2025 (1 week ago)
  • CybersecurityNews
5 Email Attacks SOCs Cannot Detect Without A Sandbox

Even with Slack, Teams, and every new communication tool out there, email remains the top attack vector for businesses. Why? Because it’s familiar, trusted, and easy to exploit. One convincing message ... Read more

Published Date: Jul 30, 2025 (4 months ago)
  • The Hacker News
Blind Eagle Uses Proton66 Hosting for Phishing, RAT Deployment on Colombian Banks

Cybercrime / Vulnerability The threat actor known as Blind Eagle has been attributed with high confidence to the use of the Russian bulletproof hosting service Proton66. Trustwave SpiderLabs, in a rep ... Read more

Published Date: Jun 30, 2025 (5 months ago)
  • Cyber Security News
APT-C-36 Hackers Attacking Government Institutions, Financial Organizations, and Critical Infrastructure

Since 2018, the advanced persistent threat group APT-C-36, commonly known as Blind Eagle, has emerged as a formidable cyber adversary targeting critical sectors across Latin America. This sophisticate ... Read more

Published Date: Jun 27, 2025 (5 months, 1 week ago)
  • europa.eu
Cyber Brief 25-05 - April 2025

Cyber Brief (April 2025)May 2, 2025 - Version: 1TLP:CLEARExecutive summaryWe analysed 311 open source reports for this Cyber Brief1.Policy, cooperation, and law enforcement. The FBI sought help to ide ... Read more

Published Date: May 02, 2025 (7 months ago)
  • The Hacker News
⚡ THN Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More

Cybersecurity / Hacking News Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes — and that's exactly what we saw in last week's activity. Hackers are getting better at hid ... Read more

Published Date: Apr 21, 2025 (7 months, 1 week ago)
  • security.nl
Windows-spoofinglek gebruikt om NTLMv2-hashes bij overheden te stelen

vrijdag 18 april 2025, 10:02 door Redactie, 0 reactiesLaatst bijgewerkt: Vandaag, 11:14 Aanvallers maken actief misbruik van een kwetsbaarheid in Windows voor het stelen van NTLMv2-hashes bij Europese ... Read more

Published Date: Apr 18, 2025 (7 months, 2 weeks ago)
  • The Hacker News
CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download

Windows Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited V ... Read more

Published Date: Apr 18, 2025 (7 months, 2 weeks ago)
  • Help Net Security
Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)

CVE-2025-24054, a Windows NTLM hash disclosure vulnerability that Microsoft has issued patches for last month, has been leveraged by threat actors in campaigns targeting government and private institu ... Read more

Published Date: Apr 17, 2025 (7 months, 2 weeks ago)
  • Dark Reading
Multiple Groups Exploit NTLM Flaw in Microsoft Windows

Source: Bits And Splits via ShutterstockMultiple attackers are actively exploiting a recently patched Windows vulnerability that exposes authentication credentials, despite Microsoft releasing a fix f ... Read more

Published Date: Apr 16, 2025 (7 months, 2 weeks ago)
  • Daily CyberSecurity
CVE-2025-24054: Actively Exploited NTLM Hash Disclosure Vulnerability

Check Point Research has issued a warning over the active exploitation of a newly disclosed vulnerability—CVE-2025-24054—that allows attackers to leak NTLMv2-SSP hashes through specially crafted .libr ... Read more

Published Date: Apr 16, 2025 (7 months, 2 weeks ago)
  • Daily CyberSecurity
Houthi Influence Campaign: Deceptive Tactics on Facebook Target Israel and Gulf States

In a recent cybersecurity analysis, ClearSky’s team uncovered a persistent influence campaign originating from Yemen/Houthi, targeting Israel and Gulf states. The campaign, initially exposed in 2019, ... Read more

Published Date: Apr 14, 2025 (7 months, 2 weeks ago)
  • Kaspersky
Exploits and vulnerabilities in Q4 2024

Q4 2024 saw fewer published exploits for Windows and Linux compared to the first three quarters. Although the number of registered vulnerabilities continued to rise, the total number of Proof of Conce ... Read more

Published Date: Feb 26, 2025 (9 months, 1 week ago)
  • 0patch.com
Micropatches Released for NTLM Hash Disclosure Spoofing Vulnerability (CVE-2024-43451)

November 2024 Windows updates brought a fix for CVE-2024-43451, an NTLM hash disclosure vulnerability that allows an attacker to obtain user's Net-NTLM hash when the user right-clicks, deletes or move ... Read more

Published Date: Feb 03, 2025 (10 months ago)
  • TheCyberThrone
Microsoft Patch Tuesday Year 2024 Analysis

In 2024, Microsoft’s Patch Tuesday updates played a critical role in addressing security vulnerabilities across various platforms. Throughout the year, a total of 1,000+ vulnerabilities were patched, ... Read more

Published Date: Dec 25, 2024 (11 months, 1 week ago)
  • 0patch.com
URL File NTLM Hash Disclosure Vulnerability (0day) - and Free Micropatches for it

Our researchers discovered a vulnerability on all Windows Workstation and Server versions from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2022. The vulnerability allows an ... Read more

Published Date: Dec 05, 2024 (11 months, 4 weeks ago)

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2024-43451 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Oct. 28, 2025

    Action Type Old Value New Value
    Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-43451 Types: US Government Resource
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Oct. 21, 2025

    Action Type Old Value New Value
    Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-43451
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Oct. 21, 2025

    Action Type Old Value New Value
    Removed Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-43451
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Oct. 21, 2025

    Action Type Old Value New Value
    Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-43451
  • Initial Analysis by [email protected]

    Nov. 14, 2024

    Action Type Old Value New Value
    Changed Reference Type https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451 No Types Assigned https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451 Patch, Vendor Advisory
    Added CWE NIST NVD-CWE-noinfo
    Added CPE Configuration OR *cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.10240.20826 *cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.10240.20826 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.14393.7515 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.14393.7515 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.17763.6532 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.17763.6532 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* versions up to (excluding) 10.0.19044.5131 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.19044.5131 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.19044.5131 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* versions up to (excluding) 10.0.19045.5131 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.19045.5131 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.19045.5131 *cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:* versions up to (excluding) 10.0.22621.4460 *cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.22621.4460 *cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* versions up to (excluding) 10.0.22631.4460 *cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.22631.4460 *cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* versions up to (excluding) 10.0.26100.2314 *cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.26100.2314 *cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:* *cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:* *cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* *cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.14393.7515 *cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.6532 *cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.20348.2849 *cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.25398.1251 *cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.2314
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Nov. 13, 2024

    Action Type Old Value New Value
    Added Due Date 2024-12-03
    Added Vulnerability Name Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability
    Added Required Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
    Added Date Added 2024-11-12
  • CVE Received by [email protected]

    Nov. 12, 2024

    Action Type Old Value New Value
    Added Description NTLM Hash Disclosure Spoofing Vulnerability
    Added Reference Microsoft Corporation https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451 [No types assigned]
    Added CWE Microsoft Corporation CWE-73
    Added CVSS V3.1 Microsoft Corporation AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 6.5
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact