Known Exploited Vulnerability
6.5
MEDIUM CVSS 3.1
CVE-2024-43451
Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability - [Actively Exploited]
Description

NTLM Hash Disclosure Spoofing Vulnerability

INFO

Published Date :

Nov. 12, 2024, 6:15 p.m.

Last Modified :

Nov. 14, 2024, 3:24 p.m.

Remotely Exploit :

Yes !
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a file open operation. The attacker could then leverage this hash to impersonate that user.

Required Action :

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notes :

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43451

Affected Products

The following products are affected by CVE-2024-43451 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Microsoft windows_server_2008
2 Microsoft windows_server_2012
3 Microsoft windows_server_2016
4 Microsoft windows_server_2019
5 Microsoft windows_10_1607
6 Microsoft windows_10_1809
7 Microsoft windows_10_21h2
8 Microsoft windows_10_22h2
9 Microsoft windows_server_2022
10 Microsoft windows_11_22h2
11 Microsoft windows_10_1507
12 Microsoft windows
13 Microsoft windows_11_23h2
14 Microsoft windows_server_2022_23h2
15 Microsoft windows_server_23h2
16 Microsoft windows_server_2012_r2
17 Microsoft windows_server_2008_r2
18 Microsoft windows_server_2008_sp2
19 Microsoft windows_11_24h2
20 Microsoft windows_server_2025
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 MEDIUM [email protected]
Solution
A vulnerability exists in Microsoft Windows that could allow for NTLM hash disclosure.
  • Apply the appropriate security update or cumulative update for your operating system.
  • Consider applying the HotPatch where applicable.
Public PoC/Exploit Available at Github

CVE-2024-43451 has a 3 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-43451.

URL Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451 Patch Vendor Advisory
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-43451 is associated with the following CWEs:

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

CVE-2024-43451 is a Windows NTLM vulnerability that allows an attacker to force authentication and capture NTLM hashes by using malicious shortcuts.

Updated: 1 month, 3 weeks ago
14 stars 1 fork 1 watcher
Born at : Jan. 20, 2025, 3:30 p.m. This repo has been linked 1 different CVEs too.

None

PostScript

Updated: 8 months ago
0 stars 0 fork 0 watcher
Born at : Dec. 30, 2024, 6:54 p.m. This repo has been linked 1 different CVEs too.

CISA Bot is a GitHub bot that automatically monitors the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog. When new vulnerabilities are published in the KEV, the bot creates GitHub issues in this repository with detailed information about each vulnerability.

Python

Updated: 5 days ago
2 stars 1 fork 1 watcher
Born at : Oct. 29, 2024, 10:19 a.m. This repo has been linked 206 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-43451 vulnerability anywhere in the article.

  • CybersecurityNews
5 Email Attacks SOCs Cannot Detect Without A Sandbox

Even with Slack, Teams, and every new communication tool out there, email remains the top attack vector for businesses. Why? Because it’s familiar, trusted, and easy to exploit. One convincing message ... Read more

Published Date: Jul 30, 2025 (1 month ago)
  • The Hacker News
Blind Eagle Uses Proton66 Hosting for Phishing, RAT Deployment on Colombian Banks

Cybercrime / Vulnerability The threat actor known as Blind Eagle has been attributed with high confidence to the use of the Russian bulletproof hosting service Proton66. Trustwave SpiderLabs, in a rep ... Read more

Published Date: Jun 30, 2025 (2 months ago)
  • Cyber Security News
APT-C-36 Hackers Attacking Government Institutions, Financial Organizations, and Critical Infrastructure

Since 2018, the advanced persistent threat group APT-C-36, commonly known as Blind Eagle, has emerged as a formidable cyber adversary targeting critical sectors across Latin America. This sophisticate ... Read more

Published Date: Jun 27, 2025 (2 months, 1 week ago)
  • europa.eu
Cyber Brief 25-05 - April 2025

Cyber Brief (April 2025)May 2, 2025 - Version: 1TLP:CLEARExecutive summaryWe analysed 311 open source reports for this Cyber Brief1.Policy, cooperation, and law enforcement. The FBI sought help to ide ... Read more

Published Date: May 02, 2025 (4 months ago)
  • The Hacker News
⚡ THN Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More

Cybersecurity / Hacking News Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes — and that's exactly what we saw in last week's activity. Hackers are getting better at hid ... Read more

Published Date: Apr 21, 2025 (4 months, 1 week ago)
  • security.nl
Windows-spoofinglek gebruikt om NTLMv2-hashes bij overheden te stelen

vrijdag 18 april 2025, 10:02 door Redactie, 0 reactiesLaatst bijgewerkt: Vandaag, 11:14 Aanvallers maken actief misbruik van een kwetsbaarheid in Windows voor het stelen van NTLMv2-hashes bij Europese ... Read more

Published Date: Apr 18, 2025 (4 months, 2 weeks ago)
  • The Hacker News
CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download

Windows Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited V ... Read more

Published Date: Apr 18, 2025 (4 months, 2 weeks ago)
  • Help Net Security
Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)

CVE-2025-24054, a Windows NTLM hash disclosure vulnerability that Microsoft has issued patches for last month, has been leveraged by threat actors in campaigns targeting government and private institu ... Read more

Published Date: Apr 17, 2025 (4 months, 2 weeks ago)
  • Dark Reading
Multiple Groups Exploit NTLM Flaw in Microsoft Windows

Source: Bits And Splits via ShutterstockMultiple attackers are actively exploiting a recently patched Windows vulnerability that exposes authentication credentials, despite Microsoft releasing a fix f ... Read more

Published Date: Apr 16, 2025 (4 months, 2 weeks ago)
  • Daily CyberSecurity
CVE-2025-24054: Actively Exploited NTLM Hash Disclosure Vulnerability

Check Point Research has issued a warning over the active exploitation of a newly disclosed vulnerability—CVE-2025-24054—that allows attackers to leak NTLMv2-SSP hashes through specially crafted .libr ... Read more

Published Date: Apr 16, 2025 (4 months, 2 weeks ago)
  • Daily CyberSecurity
Houthi Influence Campaign: Deceptive Tactics on Facebook Target Israel and Gulf States

In a recent cybersecurity analysis, ClearSky’s team uncovered a persistent influence campaign originating from Yemen/Houthi, targeting Israel and Gulf states. The campaign, initially exposed in 2019, ... Read more

Published Date: Apr 14, 2025 (4 months, 2 weeks ago)
  • Kaspersky
Exploits and vulnerabilities in Q4 2024

Q4 2024 saw fewer published exploits for Windows and Linux compared to the first three quarters. Although the number of registered vulnerabilities continued to rise, the total number of Proof of Conce ... Read more

Published Date: Feb 26, 2025 (6 months, 1 week ago)
  • 0patch.com
Micropatches Released for NTLM Hash Disclosure Spoofing Vulnerability (CVE-2024-43451)

November 2024 Windows updates brought a fix for CVE-2024-43451, an NTLM hash disclosure vulnerability that allows an attacker to obtain user's Net-NTLM hash when the user right-clicks, deletes or move ... Read more

Published Date: Feb 03, 2025 (6 months, 4 weeks ago)
  • TheCyberThrone
Microsoft Patch Tuesday Year 2024 Analysis

In 2024, Microsoft’s Patch Tuesday updates played a critical role in addressing security vulnerabilities across various platforms. Throughout the year, a total of 1,000+ vulnerabilities were patched, ... Read more

Published Date: Dec 25, 2024 (8 months, 1 week ago)
  • 0patch.com
URL File NTLM Hash Disclosure Vulnerability (0day) - and Free Micropatches for it

Our researchers discovered a vulnerability on all Windows Workstation and Server versions from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2022. The vulnerability allows an ... Read more

Published Date: Dec 05, 2024 (8 months, 4 weeks ago)
  • tripwire.com
Tripwire Patch Priority Index for November 2024

Tripwire's November 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Google Chromium.First on the list are patches for Microsoft Edge, Excel, and Word that r ... Read more

Published Date: Dec 04, 2024 (8 months, 4 weeks ago)
  • europa.eu
Cyber Brief 24-12 - November 2024

Cyber Brief (November 2024)December 3, 2024 - Version: 1.0TLP:CLEARExecutive summaryWe analysed 232 open source reports for this Cyber Brief1.Relating to cyber policy and law enforcement, Germany anno ... Read more

Published Date: Dec 03, 2024 (9 months ago)
  • Help Net Security
RomCom hackers chained Firefox and Windows zero-days to deliver backdoor

Russia-aligned APT group RomCom was behind attacks that leveraged CVE-2024-9680, a remote code execution flaw in Firefox, and CVE-2024-49039, an elevation of privilege vulnerability in Windows Task Sc ... Read more

Published Date: Nov 26, 2024 (9 months, 1 week ago)
  • Cybersecurity News
Raspberry Robin’s Stealth Tactics: USB Infections, Exploits, and Advanced Obfuscation Unveiled

Raspberry Robin, also known as Roshtyak, stands out as a highly advanced malicious downloader. Discovered in 2021, it has gained notoriety for its use of infected USB drives and sophisticated techniqu ... Read more

Published Date: Nov 22, 2024 (9 months, 1 week ago)
  • Cybersecurity News
WorkflowKit Race Vulnerability (CVE-2024-27821): Researcher Reveals Exploit that Let Malicious Apps Hijack Shortcuts

Security researcher Snoolie K has published an in-depth analysis of a significant security flaw in WorkflowKit, which has been assigned CVE-2024-27821. This vulnerability, dubbed the “WorkflowKit Race ... Read more

Published Date: Nov 21, 2024 (9 months, 1 week ago)

The following table lists the changes that have been made to the CVE-2024-43451 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Nov. 14, 2024

    Action Type Old Value New Value
    Changed Reference Type https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451 No Types Assigned https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451 Patch, Vendor Advisory
    Added CWE NIST NVD-CWE-noinfo
    Added CPE Configuration OR *cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.10240.20826 *cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.10240.20826 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.14393.7515 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.14393.7515 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.17763.6532 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.17763.6532 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* versions up to (excluding) 10.0.19044.5131 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.19044.5131 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.19044.5131 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* versions up to (excluding) 10.0.19045.5131 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.19045.5131 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.19045.5131 *cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:* versions up to (excluding) 10.0.22621.4460 *cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.22621.4460 *cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* versions up to (excluding) 10.0.22631.4460 *cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.22631.4460 *cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* versions up to (excluding) 10.0.26100.2314 *cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.26100.2314 *cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:* *cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:* *cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* *cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.14393.7515 *cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.6532 *cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.20348.2849 *cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.25398.1251 *cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.2314
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Nov. 13, 2024

    Action Type Old Value New Value
    Added Due Date 2024-12-03
    Added Vulnerability Name Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability
    Added Required Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
    Added Date Added 2024-11-12
  • CVE Received by [email protected]

    Nov. 12, 2024

    Action Type Old Value New Value
    Added Description NTLM Hash Disclosure Spoofing Vulnerability
    Added Reference Microsoft Corporation https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451 [No types assigned]
    Added CWE Microsoft Corporation CWE-73
    Added CVSS V3.1 Microsoft Corporation AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 6.5
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact