CVE-2024-43451

Published Nov 12, 2024

Last updated 3 months ago

Exploit knownCVSS medium 6.5

Overview

Description
NTLM Hash Disclosure Spoofing Vulnerability
Source
secure@microsoft.com
NVD status
Analyzed

Insights

Analysis from the Intruder Security Team
Published Nov 14, 2024

Although the exploit targets functionality predominantly used by deprecated browser Internet Explorer, exploitation is also possible if Microsoft Edge allows opening pages in IE mode. In this mode, Microsoft Edge makes use of the vulnerable MSHTML platform, but only when group policy is specifically configured to allow it.

Risk scores

CVSS 3.1

Type
Primary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity
MEDIUM

Known exploits

Data from CISA

Vulnerability name
Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability
Exploit added on
Nov 12, 2024
Exploit action due
Dec 3, 2024
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov
NVD-CWE-noinfo
secure@microsoft.com
CWE-73

Social media

Hype score
Not currently trending

  1. Micropatches Released for NTLM Hash Disclosure Spoofing Vulnerability (CVE-2024-43451) https://t.co/oThem9ivXz

    @TMJIntel

    4 Feb 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. #exploit 1. CVE-2024-43451: Windows NTLMv2 0-day https://t.co/TgQztpU3HB 2. CVE-2024-50050: Vulnerability in meta-llama/llama-stack https://t.co/X1INA4cuA3

    @ksg93rd

    24 Jan 2025

    213 Impressions

    0 Retweets

    5 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  3. #exploit 1. CVE-2024-43451: Windows NTLMv2 0-day https://t.co/sTsJBKmCqh 2. CVE-2024-50050: Vulnerability in meta-llama/llama-stack https://t.co/F3EHLdhuUv

    @akaclandestine

    24 Jan 2025

    1570 Impressions

    14 Retweets

    34 Likes

    12 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 Detection Script for Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability🚨 📛 CVE-2024-43451 🟠 CVSS: 6.5 ⚠️ CWE: CWE-73 - External Control of File Name or Path 📈 Impact: Code Execution 🎯 CISA KEV: ✅ 🛠️ TTPs: T1190 - Exploit Public-Facing Application 🔗 PoC:… htt

    @gothburz

    31 Dec 2024

    147 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Critical Alert: CVE-2024-43451 A vulnerability in Microsoft Windows enables attackers to extract NTLMv2 hashes with minimal interaction. This opens the door to pass-the-hash attacks, granting unauthorized access to sensitive resources. 🛡️ Detection Guide: https://t.co/z3n4NDiG6N

    @IbraheemA50

    17 Dec 2024

    123 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Top 5 Trending CVEs: 1 - CVE-2024-35286 2 - CVE-2024-3400 3 - CVE-2024-40834 4 - CVE-2024-43451 5 - CVE-2024-8636 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    7 Dec 2024

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Great blog by @dekel_paz about mitigating CVE-2024-43451 (and many other 0-days for that matter) by outbound restriction in the @ZeroNetworks platform. https://t.co/lQj9furdUh

    @ZeroNLabs

    5 Dec 2024

    46 Impressions

    2 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🟠 #Windows NTLMv2 Hash Disclosure Spoofing Vulnerability (#CVE-2024-43451) - MEDIUM - Medium https://t.co/t9HFfdbNVn

    @dailycve

    28 Nov 2024

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Windows ゼロデイ脆弱性 CVE-2024-43451 を悪用:1回の右クリックで C2 通信を確立 https://t.co/217oLUA7N5 #CISA #ClearSky #CyberAttack #Exploit #Government #IOC #KEV #Malware #Microsoft #NTLM #Phishing #RedLine #Scammer #SparkRAT #UAC0194 #Ukraine #Vulnerability #ZeroDay

    @iototsecnews

    25 Nov 2024

    195 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. November 2024 Microsoft Patch Tuesday Summary 4 zero-day vulnerabilities addressed: Two of which with CVE-2024-49039 and CVE-2024-43451 exploited in the wild. #PatchNOW #cybersecurity #Windows #ComputerSecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach htt

    @haker_teach

    23 Nov 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Actively exploited CVE : CVE-2024-43451

    @transilienceai

    23 Nov 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. A newly patched Windows NT LAN Manager (NTLM) vulnerability, CVE-2024-43451, was exploited as a zero-day by a suspected Russia-linked actor targeting Ukraine. The flaw, which enables theft of NTLMv2 hashes through minimal user interaction, was used in phishing attacks… https://t.

    @enfoasecurity

    22 Nov 2024

    181 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. A newly patched Windows NT LAN Manager (NTLM) vulnerability, CVE-2024-43451, was exploited as a zero-day by a suspected Russia-linked actor in cyberattacks targeting Ukraine. https://t.co/5zbbirj6zM

    @smart_c_intel

    22 Nov 2024

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  14. Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039) https://t.co/KtgRSaHTBo https://t.co/rbZI1xAFug

    @NickBla41002745

    20 Nov 2024

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Actively exploited CVE : CVE-2024-43451

    @transilienceai

    20 Nov 2024

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. CVE-2024-43451 is getting exploited #inthewild. Find out more at https://t.co/5gGiG0xS5z CVE-2021-26086 is getting exploited #inthewild. Find out more at https://t.co/j2SoRuRnAx CVE-2024-43451 is getting exploited #inthewild. Find out more at https://t.co/5gGiG0xS5z

    @inthewildio

    19 Nov 2024

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. #CyberSecurityUpdate: Microsoft ha rilasciato aggiornamenti critici correggendo 89 vulnerabilità, mettendo in luce CVE-2024-43451, già sfruttata attivamente dagli hacker. Questo difetto nel motore MSHTML, nonostante la non elevata severità, permette attacchi minimamente… https://

    @cyber_net_now

    18 Nov 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🍁У Microsoft прошёл ноябрьский Patch Tuesday. А значит, настало время срочно обновить Windows. Компания закрыла уязвимость нулевого дня CVE-2024-43451 🕷 и 88 других «дыр». Об этом и о том, ак укрепить защиту рабочих устройств — в нашем новом посте: https://t.co/2CxVvqe4zq http

    @Kaspersky_ru

    18 Nov 2024

    178 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. تازگی آسیب پذیری جدیدی از نوع Zero day برای ویندوز با کد شناسایی  CVE-2024-43451 منتشر شده است. این آسیب پذیری بر روی تمامی نسخه های ویندوز شامل ویندوز ۷ و ویندوز ۸ و ویندوز ۱۰ و حتی ویندوز ۱۱ قابل اکسپلویت شدن می باشد. https://t.co/Poz3aKYxT1 https://t.co/eIlwq47HXh

    @AmirHossein_sec

    17 Nov 2024

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Top 5 Trending CVEs: 1 - CVE-2024-23113 2 - CVE-2024-7965 3 - CVE-2024-47575 4 - CVE-2024-43451 5 - CVE-2024-5690 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    17 Nov 2024

    185 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  21. تنبيه بشأن استغلال الثغرة: استغلت جهات التهديد المرتبطة بروسيا الثغرة الأمنية CVE-2024-43451 بشكل نشط لنشر Spark RAT، مع إمكانية حدوث أضرار جسيمة من خلال سرقة بيانات الاعتماد. اقرأ: https://t.co/hWTabfh2C4

    @CERT_Arabic

    17 Nov 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🚨 Patch Now! Critical #Windows Flaw (#CVE-2024-43451) Actively Exploited https://t.co/14pK4djOQR

    @UndercodeNews

    16 Nov 2024

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. 🚨 ¡Actualiza tus sistemas ahora! La vulnerabilidad CVE-2024-43451 en Windows, explotada activamente por meses, ha sido corregida en noviembre.📩 Atacantes utilizaron correos de spear-phishing y el malware SparkRAT para comprometer sistemas. 🔒🛡️ #Ciberseguridad #Malware #ZeroDa

    @RedExpertos

    15 Nov 2024

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Russian hackers exploited CVE-2024-43451, a new NTLM flaw, in attacks on Ukraine, using phishing emails to deploy malware. Microsoft patched it, but ensure systems are updated by Dec 3 to avoid "pass-the-hash" risks, as flagged by CISA. Stay vigilant!

    @xyberpwn

    15 Nov 2024

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Microsoft tackled 83 vulnerabilities this month. Among the critical ones, NTLM Hash Disclosure (CVE-2024-43451) is at large, risking user confidentiality with easy exploitation. Patch and monitor diligently to be secure. Sign up for our threat advisory! https://t.co/5cS5XkWqLH h

    @sequretek_sqtk

    15 Nov 2024

    24 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  26. ⚠️ Find files related to the new zero-day vulnerability – #ExploreWithANYRUN ✅ We’ve added the detection for CVE-2024-43451, allowing our users to track and analyze this threat 📌 #CVE can be detected by inspecting the URL shortcut and checking for SMB connections 📂 The… ht

    @anyrun_app

    15 Nov 2024

    1423 Impressions

    6 Retweets

    16 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  27. New NTLM Zero-Day Exploit Alert! Microsoft patches CVE-2024-43451, actively exploited by a suspected Russia-linked actor targeting Ukraine. Attack chain delivers Spark RAT via phishing & malicious .URL files. #CyberSecurity #ZeroDay #Hacking #BugBounty #news #NTLM #PatchN

    @safeyourweb

    15 Nov 2024

    86 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. #0day CVE-2024-43451 https://t.co/3HUw5cKZyu

    @42mayfly

    15 Nov 2024

    91 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. 🚨 Windows Zero-Day Exploited by Russia Triggered With File Drag-and-Drop, Delete Actions 🚨 WIRE TOR - The Ethical Hacking Services ⚠️ Hackers have found a way to exploit a newly patched zero-day vulnerability in Windows identified as CVE-2024-43451. #cve https://t.co/r2mmfO6nv

    @WireTor

    14 Nov 2024

    56 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  30. Microsoft released its November Patch Tuesday update, addressing 89 vulnerabilities in Windows systems, including four zero-day exploits. One critical zero-day vulnerability, CVE-2024-43451, was actively exploited by a suspected Russia-linked actor in cyber attacks targeting… htt

    @XArthurDent

    14 Nov 2024

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. 🚨 New NTLM vulnerability (CVE-2024-43451) exploited by suspected Russian hackers in Ukraine. Phishing emails lead users to download a malicious .URL file, stealing NTLMv2 hashes and deploying malware. Stay vigilant and update systems! #CyberSecurity #Ukraine https://t.co/5LJl

    @redfoxsec

    14 Nov 2024

    49 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  32. #KDaily@kaspersky CVE-2024-43451 и другие поводы немедленно обновляться Эксплуатация уязвимости CVE-2024-43451 позволяет атакующему похитить NTLMv2-хеш без необходимости открытия вредоносного файла. https://t.co/NmppyKXB21

    @kmscom3

    14 Nov 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. 2つの threat actor が execution 部分で 0-day 使用👀 Win10 以上での発火条件は 1. 右クリック 2. delete ボタン使ったファイル削除 3. 別のフォルダへのドラッグ移動 のどれかだから誘導あれば悪用可能範囲かな? New Zero-Day Vulnerability Detected: CVE-2024-43451 https://t.co/QMp11mryun

    @strinsert1Na

    14 Nov 2024

    2107 Impressions

    4 Retweets

    27 Likes

    19 Bookmarks

    1 Reply

    0 Quotes

  34. The exploit for CVE-2024-43451 , a new zero-day vulnerability in Windows, is executed by deleting files, drag-and-dropping them, or right clicking on them. https://t.co/J8ajvpUwrG

    @EduardKovacs

    14 Nov 2024

    2570 Impressions

    4 Retweets

    17 Likes

    6 Bookmarks

    0 Replies

    1 Quote

  35. How a #Windows zero-day was #exploited in the wild for months (#CVE-2024-43451) https://t.co/wZePaEusnK

    @ScyScan

    14 Nov 2024

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. Right-Click to Hack: Zero-Day CVE-2024-43451 Vulnerability Targets Windows Users https://t.co/vul2kPCgqN

    @clb_bcr

    14 Nov 2024

    51 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  37. Analysis of the URL File Zero-Day Vulnerability CVE-2024-43451 https://t.co/eKgRnbD1pd https://t.co/WeOOv5k5Py

    @blackorbird

    14 Nov 2024

    9273 Impressions

    43 Retweets

    167 Likes

    82 Bookmarks

    1 Reply

    0 Quotes

  38. Russia contro Ucraina e Cina contro USA nella guerra cibernetica Sicurezza Informatica, apt, botnet, cina, CVE-2024-43451, evidenza, guerra cibernetica, Salt Typhoon, Volt Typhoon, vulnerabilità, windows, zero-day https://t.co/I9ZcFPbQC2 https://t.co/uvlASYrZbK

    @matricedigitale

    14 Nov 2024

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. Learn about the newly patched NTLM security flaw (CVE-2024-43451), exploited by suspected Russian hackers targeting Ukraine. Stay informed on the vulnerability, its exploitation, and Microsoft's patch to safeguard your organization. More insights at: https://t.co/NjwTxG9aLa.

    @KrofekSecurity

    14 Nov 2024

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. Exploit alert: Russia-linked threat actors have actively exploited the CVE-2024-43451 #vulnerability to deploy Spark RAT, with the potential for significant damage through credential theft. Read: https://t.co/ANuvMDSUwS... https://t.co/eOsfbJ5GmW

    @IT_news_for_all

    14 Nov 2024

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. Exploit alert: Russia-linked threat actors have actively exploited the CVE-2024-43451 #vulnerability to deploy Spark RAT, with the potential for significant damage through credential theft. Read: https://t.co/sFWfyujYAn #infosec #hacking

    @TheHackersNews

    14 Nov 2024

    11466 Impressions

    34 Retweets

    68 Likes

    11 Bookmarks

    1 Reply

    2 Quotes

  42. Right-Click to Hack: Zero-Day CVE-2024-43451 Vulnerability Targets Windows Users https://t.co/HZvmsiihlA

    @Dinosn

    14 Nov 2024

    6634 Impressions

    48 Retweets

    121 Likes

    44 Bookmarks

    1 Reply

    2 Quotes

  43. Microsoft’s out with 92 fixes, including one to patch a zero-day. CVE-2024-43451—spoofing vulnerability in NTLM Hash. Exploited and public. This isn’t theoretical, it's happening.

    @ShepardTerminal

    14 Nov 2024

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐏𝐚𝐭𝐜𝐡𝐞𝐬 𝐔𝐤𝐫𝐚𝐢𝐧𝐞 𝐂𝐲𝐛𝐞𝐫𝐚𝐭𝐭𝐚𝐜𝐤𝐬 According to BleepingComputer, suspected Russian hackers are exploiting a recently patched Windows vulnerability as part of ongoing attacks against Ukrainian entities. The vulnerability (CVE-2024-43451) is

    @TechBuzzRecap

    14 Nov 2024

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. ITW Prior Exploitation of CVE-2024-43451 NTLM Hash Disclosure Spoofing Vulnerability in Ukraine -- https://t.co/z5j4FUsWkC

    @AndreGironda

    13 Nov 2024

    85 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. Microsoft warns of active exploits targeting vulnerabilities in NTLM (CVE-2024-43451) and Task Scheduler (CVE-2024-49039), which could lead to NTLMv2 hash disclosure and privilege escalation. For details, see the November Patch Tuesday update: https://t.co/meHAJePOJX #infosec

    @khashayar_nzk

    13 Nov 2024

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039) https://t.co/mTDIXUJouZ https://t.co/YwIjps6XaW

    @secured_cyber

    13 Nov 2024

    68 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039) https://t.co/SR9Hd87GS5 https://t.co/EZr8fNOq1l

    @secured_cyber

    13 Nov 2024

    65 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. A new zero-day vulnerability, CVE-2024-43451, was discovered by ClearSky. This vulnerability affects Windows systems and was actively exploited in attacks against Ukrainian entities. The malicious URL files were disguised as academic certificates and were initially observed… htt

    @ClearskySec

    13 Nov 2024

    6617 Impressions

    14 Retweets

    69 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  50. Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039) https://t.co/mBLLrT6oWZ https://t.co/P54jkhbYOD

    @ggrubamn

    13 Nov 2024

    87 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References