CVE-2024-43451

Published Nov 12, 2024

Last updated 2 months ago

Insights

Analysis from the Intruder Security Team
Published Nov 14, 2024

Although the exploit targets functionality predominantly used by the deprecated Internet Explorer browser, exploitation is also possible when Microsoft Edge is allowed to open pages in IE mode. In this mode, Microsoft Edge uses the vulnerable MSHTML platform, but only when group policy is specifically configured to allow it.

Overview

Description: NTLM Hash Disclosure Spoofing Vulnerability
Source: secure@microsoft.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity: MEDIUM

Known exploits

Data from CISA

Vulnerability name: Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability
Exploit added on: Nov 12, 2024
Exploit action due: Dec 3, 2024
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
secure@microsoft.com: CWE-73

Social media

Hype score: Not currently trending
  1. 🚨 Detection Script for Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability🚨 📛 CVE-2024-43451 🟠 CVSS: 6.5 ⚠️ CWE: CWE-73 - External Control of File Name or Path 📈 Impact: Code Execution 🎯 CISA KEV: ✅ 🛠️ TTPs: T1190 - Exploit Public-Facing Application 🔗 PoC:… htt

    @gothburz

    31 Dec 2024

    147 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Critical Alert: CVE-2024-43451 A vulnerability in Microsoft Windows enables attackers to extract NTLMv2 hashes with minimal interaction. This opens the door to pass-the-hash attacks, granting unauthorized access to sensitive resources. 🛡️ Detection Guide: https://t.co/z3n4NDiG6N

    @IbraheemA50

    17 Dec 2024

    123 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Top 5 Trending CVEs: 1 - CVE-2024-35286 2 - CVE-2024-3400 3 - CVE-2024-40834 4 - CVE-2024-43451 5 - CVE-2024-8636 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    7 Dec 2024

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Great blog by @dekel_paz about mitigating CVE-2024-43451 (and many other 0-days for that matter) by outbound restriction in the @ZeroNetworks platform. https://t.co/lQj9furdUh

    @ZeroNLabs

    5 Dec 2024

    46 Impressions

    2 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🟠 #Windows NTLMv2 Hash Disclosure Spoofing Vulnerability (#CVE-2024-43451) - MEDIUM - Medium https://t.co/t9HFfdbNVn

    @dailycve

    28 Nov 2024

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Windows zero-day vulnerability CVE-2024-43451 exploited: C2 communication established with a single right-click https://t.co/217oLUA7N5 #CISA #ClearSky #CyberAttack #Exploit #Government #IOC #KEV #Malware #Microsoft #NTLM #Phishing #RedLine #Scammer #SparkRAT #UAC0194 #Ukraine #Vulnerability #ZeroDay

    @iototsecnews

    25 Nov 2024

    195 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. November 2024 Microsoft Patch Tuesday Summary 4 zero-day vulnerabilities addressed: Two of which with CVE-2024-49039 and CVE-2024-43451 exploited in the wild. #PatchNOW #cybersecurity #Windows #ComputerSecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach htt

    @haker_teach

    23 Nov 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Actively exploited CVE : CVE-2024-43451

    @transilienceai

    23 Nov 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. A newly patched Windows NT LAN Manager (NTLM) vulnerability, CVE-2024-43451, was exploited as a zero-day by a suspected Russia-linked actor targeting Ukraine. The flaw, which enables theft of NTLMv2 hashes through minimal user interaction, was used in phishing attacks… https://t.

    @enfoasecurity

    22 Nov 2024

    181 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. A newly patched Windows NT LAN Manager (NTLM) vulnerability, CVE-2024-43451, was exploited as a zero-day by a suspected Russia-linked actor in cyberattacks targeting Ukraine. https://t.co/5zbbirj6zM

    @smart_c_intel

    22 Nov 2024

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039) https://t.co/KtgRSaHTBo https://t.co/rbZI1xAFug

    @NickBla41002745

    20 Nov 2024

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Actively exploited CVE : CVE-2024-43451

    @transilienceai

    20 Nov 2024

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. CVE-2024-43451 is getting exploited #inthewild. Find out more at https://t.co/5gGiG0xS5z CVE-2021-26086 is getting exploited #inthewild. Find out more at https://t.co/j2SoRuRnAx CVE-2024-43451 is getting exploited #inthewild. Find out more at https://t.co/5gGiG0xS5z

    @inthewildio

    19 Nov 2024

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. #CyberSecurityUpdate: Microsoft has released critical updates fixing 89 vulnerabilities, highlighting CVE-2024-43451, which is already being actively exploited by hackers. This flaw in the MSHTML engine, despite its not-high severity, allows attacks minimally… https://

    @cyber_net_now

    18 Nov 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 🍁Microsoft's November Patch Tuesday has taken place. That means it is time to urgently update Windows. The company closed the zero-day vulnerability CVE-2024-43451 🕷 and 88 other "holes". Read about this, and about how to strengthen the protection of work devices, in our new post: https://t.co/2CxVvqe4zq http

    @Kaspersky_ru

    18 Nov 2024

    178 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Recently a new zero-day vulnerability for Windows with the identifier CVE-2024-43451 has been published. This vulnerability is exploitable on all versions of Windows, including Windows 7, Windows 8, Windows 10 and even Windows 11. https://t.co/Poz3aKYxT1 https://t.co/eIlwq47HXh

    @AmirHossein_sec

    17 Nov 2024

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Top 5 Trending CVEs: 1 - CVE-2024-23113 2 - CVE-2024-7965 3 - CVE-2024-47575 4 - CVE-2024-43451 5 - CVE-2024-5690 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    17 Nov 2024

    185 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Exploit alert: Russia-linked threat actors have actively exploited the CVE-2024-43451 vulnerability to deploy Spark RAT, with the potential for significant damage through credential theft. Read: https://t.co/hWTabfh2C4

    @CERT_Arabic

    17 Nov 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🚨 Patch Now! Critical #Windows Flaw (#CVE-2024-43451) Actively Exploited https://t.co/14pK4djOQR

    @UndercodeNews

    16 Nov 2024

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. 🚨 Update your systems now! The CVE-2024-43451 vulnerability in Windows, actively exploited for months, was fixed in November.📩 Attackers used spear-phishing emails and the SparkRAT malware to compromise systems. 🔒🛡️ #Ciberseguridad #Malware #ZeroDa

    @RedExpertos

    15 Nov 2024

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Russian hackers exploited CVE-2024-43451, a new NTLM flaw, in attacks on Ukraine, using phishing emails to deploy malware. Microsoft patched it, but ensure systems are updated by Dec 3 to avoid "pass-the-hash" risks, as flagged by CISA. Stay vigilant!

    @xyberpwn

    15 Nov 2024

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Microsoft tackled 83 vulnerabilities this month. Among the critical ones, NTLM Hash Disclosure (CVE-2024-43451) is at large, risking user confidentiality with easy exploitation. Patch and monitor diligently to be secure. Sign up for our threat advisory! https://t.co/5cS5XkWqLH h

    @sequretek_sqtk

    15 Nov 2024

    24 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  23. ⚠️ Find files related to the new zero-day vulnerability – #ExploreWithANYRUN ✅ We’ve added the detection for CVE-2024-43451, allowing our users to track and analyze this threat 📌 #CVE can be detected by inspecting the URL shortcut and checking for SMB connections 📂 The… ht

    @anyrun_app

    15 Nov 2024

    1423 Impressions

    6 Retweets

    16 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  24. New NTLM Zero-Day Exploit Alert! Microsoft patches CVE-2024-43451, actively exploited by a suspected Russia-linked actor targeting Ukraine. Attack chain delivers Spark RAT via phishing & malicious .URL files. #CyberSecurity #ZeroDay #Hacking #BugBounty #news #NTLM #PatchN

    @safeyourweb

    15 Nov 2024

    86 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. #0day CVE-2024-43451 https://t.co/3HUw5cKZyu

    @42mayfly

    15 Nov 2024

    91 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. 🚨 Windows Zero-Day Exploited by Russia Triggered With File Drag-and-Drop, Delete Actions 🚨 WIRE TOR - The Ethical Hacking Services ⚠️ Hackers have found a way to exploit a newly patched zero-day vulnerability in Windows identified as CVE-2024-43451. #cve https://t.co/r2mmfO6nv

    @WireTor

    14 Nov 2024

    56 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Microsoft released its November Patch Tuesday update, addressing 89 vulnerabilities in Windows systems, including four zero-day exploits. One critical zero-day vulnerability, CVE-2024-43451, was actively exploited by a suspected Russia-linked actor in cyber attacks targeting… htt

    @XArthurDent

    14 Nov 2024

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. 🚨 New NTLM vulnerability (CVE-2024-43451) exploited by suspected Russian hackers in Ukraine. Phishing emails lead users to download a malicious .URL file, stealing NTLMv2 hashes and deploying malware. Stay vigilant and update systems! #CyberSecurity #Ukraine https://t.co/5LJl

    @redfoxsec

    14 Nov 2024

    49 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  29. #KDaily@kaspersky CVE-2024-43451 and other reasons to update immediately. Exploitation of the CVE-2024-43451 vulnerability allows an attacker to steal an NTLMv2 hash without the need to open a malicious file. https://t.co/NmppyKXB21

    @kmscom3

    14 Nov 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

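  30. Two threat actors used a 0-day in the execution part 👀 On Win10 and later the trigger condition is any one of 1. right-click 2. deleting the file with the delete button 3. drag-moving it to another folder, so with some luring I guess it is within exploitable range? New Zero-Day Vulnerability Detected: CVE-2024-43451 https://t.co/QMp11mryun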

    @strinsert1Na

    14 Nov 2024

    2107 Impressions

    4 Retweets

    27 Likes

    19 Bookmarks

    1 Reply

    0 Quotes

  31. The exploit for CVE-2024-43451, a new zero-day vulnerability in Windows, is executed by deleting files, drag-and-dropping them, or right clicking on them. https://t.co/J8ajvpUwrG

    @EduardKovacs

    14 Nov 2024

    2570 Impressions

    4 Retweets

    17 Likes

    6 Bookmarks

    0 Replies

    1 Quote

  32. How a #Windows zero-day was #exploited in the wild for months (#CVE-2024-43451) https://t.co/wZePaEusnK

    @ScyScan

    14 Nov 2024

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. Right-Click to Hack: Zero-Day CVE-2024-43451 Vulnerability Targets Windows Users https://t.co/vul2kPCgqN

    @clb_bcr

    14 Nov 2024

    51 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  34. Analysis of the URL File Zero-Day Vulnerability CVE-2024-43451 https://t.co/eKgRnbD1pd https://t.co/WeOOv5k5Py

    @blackorbird

    14 Nov 2024

    9273 Impressions

    43 Retweets

    167 Likes

    82 Bookmarks

    1 Reply

    0 Quotes

  35. Russia against Ukraine and China against the USA in the cyber war. Cybersecurity, apt, botnet, china, CVE-2024-43451, featured, cyber war, Salt Typhoon, Volt Typhoon, vulnerability, windows, zero-day https://t.co/I9ZcFPbQC2 https://t.co/uvlASYrZbK

    @matricedigitale

    14 Nov 2024

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. Learn about the newly patched NTLM security flaw (CVE-2024-43451), exploited by suspected Russian hackers targeting Ukraine. Stay informed on the vulnerability, its exploitation, and Microsoft's patch to safeguard your organization. More insights at: https://t.co/NjwTxG9aLa.

    @KrofekSecurity

    14 Nov 2024

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. Exploit alert: Russia-linked threat actors have actively exploited the CVE-2024-43451 #vulnerability to deploy Spark RAT, with the potential for significant damage through credential theft. Read: https://t.co/ANuvMDSUwS... https://t.co/eOsfbJ5GmW

    @IT_news_for_all

    14 Nov 2024

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. Exploit alert: Russia-linked threat actors have actively exploited the CVE-2024-43451 #vulnerability to deploy Spark RAT, with the potential for significant damage through credential theft. Read: https://t.co/sFWfyujYAn #infosec #hacking

    @TheHackersNews

    14 Nov 2024

    11466 Impressions

    34 Retweets

    68 Likes

    11 Bookmarks

    1 Reply

    2 Quotes

  39. Right-Click to Hack: Zero-Day CVE-2024-43451 Vulnerability Targets Windows Users https://t.co/HZvmsiihlA

    @Dinosn

    14 Nov 2024

    6634 Impressions

    48 Retweets

    121 Likes

    44 Bookmarks

    1 Reply

    2 Quotes

  40. Microsoft’s out with 92 fixes, including one to patch a zero-day. CVE-2024-43451—spoofing vulnerability in NTLM Hash. Exploited and public. This isn’t theoretical, it's happening.

    @ShepardTerminal

    14 Nov 2024

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐏𝐚𝐭𝐜𝐡𝐞𝐬 𝐔𝐤𝐫𝐚𝐢𝐧𝐞 𝐂𝐲𝐛𝐞𝐫𝐚𝐭𝐭𝐚𝐜𝐤𝐬 According to BleepingComputer, suspected Russian hackers are exploiting a recently patched Windows vulnerability as part of ongoing attacks against Ukrainian entities. The vulnerability (CVE-2024-43451) is

    @TechBuzzRecap

    14 Nov 2024

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. ITW Prior Exploitation of CVE-2024-43451 NTLM Hash Disclosure Spoofing Vulnerability in Ukraine -- https://t.co/z5j4FUsWkC

    @AndreGironda

    13 Nov 2024

    85 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. Microsoft warns of active exploits targeting vulnerabilities in NTLM (CVE-2024-43451) and Task Scheduler (CVE-2024-49039), which could lead to NTLMv2 hash disclosure and privilege escalation. For details, see the November Patch Tuesday update: https://t.co/meHAJePOJX #infosec

    @khashayar_nzk

    13 Nov 2024

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039) https://t.co/mTDIXUJouZ https://t.co/YwIjps6XaW

    @secured_cyber

    13 Nov 2024

    68 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039) https://t.co/SR9Hd87GS5 https://t.co/EZr8fNOq1l

    @secured_cyber

    13 Nov 2024

    65 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. A new zero-day vulnerability, CVE-2024-43451, was discovered by ClearSky. This vulnerability affects Windows systems and was actively exploited in attacks against Ukrainian entities. The malicious URL files were disguised as academic certificates and were initially observed… htt

    @ClearskySec

    13 Nov 2024

    6617 Impressions

    14 Retweets

    69 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  47. Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039) https://t.co/mBLLrT6oWZ https://t.co/P54jkhbYOD

    @ggrubamn

    13 Nov 2024

    87 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. In November 2024, Microsoft released its Patch Tuesday updates, addressing 90 security vulnerabilities across its products, including four zero-day vulnerabilities, two of which (CVE-2024-49039 and CVE-2024-43451) were already being exploited. These updates covered critical… http

    @XArthurDent

    13 Nov 2024

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039) https://t.co/xmATAZn3Et https://t.co/Pg0kQYNpr6

    @Art_Capella

    13 Nov 2024

    81 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

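  50. Regarding vulnerability countermeasures for Microsoft products (November 2024): of these, Microsoft has announced that it has confirmed exploitation of the CVE-2024-43451 and CVE-2024-49039 vulnerabilities, and because damage may spread going forward, please apply the updates immediately. https://t.co/c5AJ002PVW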

    @es_service23

    13 Nov 2024

    229 Impressions

    5 Retweets

    12 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations