CVE-2024-43451

Published Nov 12, 2024

Last updated 4 months ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2024-43451 is a spoofing vulnerability affecting Microsoft Windows and Windows Server. It enables attackers to obtain a user's NTLMv2 hash, which contains authentication credentials, and use it in a "pass-the-hash" technique to potentially impersonate the user and gain unauthorized access. Exploitation involves a malicious URL file: when a user interacts with this file, such as by right-clicking, deleting, or moving it, a connection to the attacker's server is established and the NTLMv2 hash is leaked. Exploitation requires minimal user interaction and was reportedly used in attacks targeting Ukrainian entities. The vulnerability was discovered in June 2024, and Microsoft released a patch on November 12, 2024. Users are strongly encouraged to apply the patch to mitigate the risk associated with CVE-2024-43451.

Description: NTLM Hash Disclosure Spoofing Vulnerability
Source: secure@microsoft.com
NVD status: Analyzed

Insights

Analysis from the Intruder Security Team
Published Nov 14, 2024

Although the exploit targets functionality predominantly used by the deprecated Internet Explorer browser, exploitation is also possible if Microsoft Edge allows opening pages in IE mode. In this mode, Microsoft Edge makes use of the vulnerable MSHTML platform, but only when group policy is specifically configured to allow it.

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity: MEDIUM

Known exploits

Data from CISA

Vulnerability name: Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability
Exploit added on: Nov 12, 2024
Exploit action due: Dec 3, 2024
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
secure@microsoft.com: CWE-73

Social media

Hype score: Not currently trending

  1. Actively exploited CVE : CVE-2024-43451

    @transilienceai

    21 Mar 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Actively exploited CVE : CVE-2024-43451

    @transilienceai

    17 Mar 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Threat actor Blind Eagle/APT-C-36 has caused 1,600 malware victims in South America, Check Point reports. It exploited CVE-2024-43451 roughly six days after Microsoft published the fix in December 2024. https://t.co/kbhfJx1KV1

    @__kokumoto

    12 Mar 2025

    1341 Impressions

    1 Retweet

    8 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  4. Blind Eagle intensifies its attacks: targeted campaigns against Colombian institutions. Cybersecurity, apt, APT-C-36, Blind Eagle, colombia, CVE-2024-43451, exploit, cyber warfare, malware, PHISHING, rat, Remcos, WebDAV https://t.co/XuUmYoqmFk https://t.co/0D1T5IyzcN

    @matricedigitale

    12 Mar 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 Blind Eagle strikes again—over 1,600 victims in Colombia since Nov 2024! 🇨🇴 Government & private orgs targeted using spear-phishing & new malware like Remcos RAT. CVE-2024-43451 exploit hits 6 days after patch. See it: https://t.co/fjAnOqxpGF

    @TheHackersNews

    12 Mar 2025

    10869 Impressions

    30 Retweets

    66 Likes

    7 Bookmarks

    1 Reply

    0 Quotes

  6. 🚨 Blind Eagle APT is targeting Colombian institutions with .url malware mimicking CVE-2024-43451 behavior! Over 1,600 victims in one campaign alone. Operation Fail also exposed past phishing activities, stealing 8K+ PII. #CyberSecurity #APT #BlindEagle https://t.co/Q3YsXhCfFX

    @MDST9999

    11 Mar 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 Blind Eagle APT is targeting Colombian institutions with .url malware mimicking CVE-2024-43451 behavior! Over 1,600 victims in one campaign alone. Operation Fail also exposed past phishing activities, stealing 8K+ PII. #CyberSecurity #APT #BlindEagle https://t.co/UxUhh5tMUC

    @HRalphBonnell

    10 Mar 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Check Point Research reveals Blind Eagle (APT-C-36) has targeted Colombian government and private sectors since late 2024, exploiting CVE-2024-43451. Over 1,600 infections reported. 🇨🇴 #BlindEagle #CyberAttack #Colombia link: https://t.co/sNw3rOiyn7 https://t.co/1GBVtMXMsg

    @TweetThreatNews

    10 Mar 2025

    108 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 Blind Eagle APT is targeting Colombian institutions with .url malware mimicking CVE-2024-43451 behavior! Over 1,600 victims in one campaign alone. Operation Fail also exposed past phishing activities, stealing 8K+ PII. #CyberSecurity #APT #BlindEagle https://t.co/A4PZYJTbyn

    @mdfaridulalam

    10 Mar 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨 Blind Eagle APT is targeting Colombian institutions with .url malware mimicking CVE-2024-43451 behavior! Over 1,600 victims in one campaign alone. Operation Fail also exposed past phishing activities, stealing 8K+ PII. #CyberSecurity #APT #BlindEagle https://t.co/K0uXqYC1Me

    @_CPResearch_

    10 Mar 2025

    3285 Impressions

    12 Retweets

    28 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  11. Micropatches Released for NTLM Hash Disclosure Spoofing Vulnerability (CVE-2024-43451) https://t.co/oThem9ivXz

    @TMJIntel

    4 Feb 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. #exploit 1. CVE-2024-43451: Windows NTLMv2 0-day https://t.co/TgQztpU3HB 2. CVE-2024-50050: Vulnerability in meta-llama/llama-stack https://t.co/X1INA4cuA3

    @ksg93rd

    24 Jan 2025

    213 Impressions

    0 Retweets

    5 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  13. #exploit 1. CVE-2024-43451: Windows NTLMv2 0-day https://t.co/sTsJBKmCqh 2. CVE-2024-50050: Vulnerability in meta-llama/llama-stack https://t.co/F3EHLdhuUv

    @akaclandestine

    24 Jan 2025

    1570 Impressions

    14 Retweets

    34 Likes

    12 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 Detection Script for Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability🚨 📛 CVE-2024-43451 🟠 CVSS: 6.5 ⚠️ CWE: CWE-73 - External Control of File Name or Path 📈 Impact: Code Execution 🎯 CISA KEV: ✅ 🛠️ TTPs: T1190 - Exploit Public-Facing Application 🔗 PoC:… htt

    @gothburz

    31 Dec 2024

    147 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Critical Alert: CVE-2024-43451 A vulnerability in Microsoft Windows enables attackers to extract NTLMv2 hashes with minimal interaction. This opens the door to pass-the-hash attacks, granting unauthorized access to sensitive resources. 🛡️ Detection Guide: https://t.co/z3n4NDiG6N

    @IbraheemA50

    17 Dec 2024

    123 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  16. Top 5 Trending CVEs: 1 - CVE-2024-35286 2 - CVE-2024-3400 3 - CVE-2024-40834 4 - CVE-2024-43451 5 - CVE-2024-8636 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    7 Dec 2024

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Great blog by @dekel_paz about mitigating CVE-2024-43451 (and many other 0-days for that matter) by outbound restriction in the @ZeroNetworks platform. https://t.co/lQj9furdUh

    @ZeroNLabs

    5 Dec 2024

    46 Impressions

    2 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🟠 #Windows NTLMv2 Hash Disclosure Spoofing Vulnerability (#CVE-2024-43451) - MEDIUM - Medium https://t.co/t9HFfdbNVn

    @dailycve

    28 Nov 2024

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Windows zero-day vulnerability CVE-2024-43451 exploited: a single right-click establishes C2 communication https://t.co/217oLUA7N5 #CISA #ClearSky #CyberAttack #Exploit #Government #IOC #KEV #Malware #Microsoft #NTLM #Phishing #RedLine #Scammer #SparkRAT #UAC0194 #Ukraine #Vulnerability #ZeroDay

    @iototsecnews

    25 Nov 2024

    195 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. November 2024 Microsoft Patch Tuesday Summary 4 zero-day vulnerabilities addressed: Two of which with CVE-2024-49039 and CVE-2024-43451 exploited in the wild. #PatchNOW #cybersecurity #Windows #ComputerSecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach htt

    @haker_teach

    23 Nov 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Actively exploited CVE : CVE-2024-43451

    @transilienceai

    23 Nov 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  22. A newly patched Windows NT LAN Manager (NTLM) vulnerability, CVE-2024-43451, was exploited as a zero-day by a suspected Russia-linked actor targeting Ukraine. The flaw, which enables theft of NTLMv2 hashes through minimal user interaction, was used in phishing attacks… https://t.

    @enfoasecurity

    22 Nov 2024

    181 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. A newly patched Windows NT LAN Manager (NTLM) vulnerability, CVE-2024-43451, was exploited as a zero-day by a suspected Russia-linked actor in cyberattacks targeting Ukraine. https://t.co/5zbbirj6zM

    @smart_c_intel

    22 Nov 2024

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  24. Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039) https://t.co/KtgRSaHTBo https://t.co/rbZI1xAFug

    @NickBla41002745

    20 Nov 2024

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Actively exploited CVE : CVE-2024-43451

    @transilienceai

    20 Nov 2024

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  26. CVE-2024-43451 is getting exploited #inthewild. Find out more at https://t.co/5gGiG0xS5z CVE-2021-26086 is getting exploited #inthewild. Find out more at https://t.co/j2SoRuRnAx CVE-2024-43451 is getting exploited #inthewild. Find out more at https://t.co/5gGiG0xS5z

    @inthewildio

    19 Nov 2024

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. #CyberSecurityUpdate: Microsoft has released critical updates fixing 89 vulnerabilities, highlighting CVE-2024-43451, already actively exploited by hackers. This flaw in the MSHTML engine, despite its not-high severity, allows attacks minimally… https://

    @cyber_net_now

    18 Nov 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. 🍁 Microsoft's November Patch Tuesday has taken place, which means it is time to update Windows urgently. The company closed the zero-day vulnerability CVE-2024-43451 🕷 and 88 other "holes". Read about this, and about how to strengthen the protection of work devices, in our new post: https://t.co/2CxVvqe4zq http

    @Kaspersky_ru

    18 Nov 2024

    178 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. A new zero-day vulnerability for Windows, identified as CVE-2024-43451, has recently been published. This vulnerability is exploitable on all versions of Windows, including Windows 7, Windows 8, Windows 10 and even Windows 11. https://t.co/Poz3aKYxT1 https://t.co/eIlwq47HXh

    @AmirHossein_sec

    17 Nov 2024

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. Top 5 Trending CVEs: 1 - CVE-2024-23113 2 - CVE-2024-7965 3 - CVE-2024-47575 4 - CVE-2024-43451 5 - CVE-2024-5690 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    17 Nov 2024

    185 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  31. Exploit alert: Russia-linked threat actors have actively exploited the CVE-2024-43451 vulnerability to deploy Spark RAT, with the potential for significant damage through credential theft. Read: https://t.co/hWTabfh2C4

    @CERT_Arabic

    17 Nov 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. 🚨 Patch Now! Critical #Windows Flaw (#CVE-2024-43451) Actively Exploited https://t.co/14pK4djOQR

    @UndercodeNews

    16 Nov 2024

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. 🚨 Update your systems now! The CVE-2024-43451 vulnerability in Windows, actively exploited for months, was fixed in November. 📩 Attackers used spear-phishing emails and the SparkRAT malware to compromise systems. 🔒🛡️ #Ciberseguridad #Malware #ZeroDa

    @RedExpertos

    15 Nov 2024

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. Russian hackers exploited CVE-2024-43451, a new NTLM flaw, in attacks on Ukraine, using phishing emails to deploy malware. Microsoft patched it, but ensure systems are updated by Dec 3 to avoid "pass-the-hash" risks, as flagged by CISA. Stay vigilant!

    @xyberpwn

    15 Nov 2024

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. Microsoft tackled 83 vulnerabilities this month. Among the critical ones, NTLM Hash Disclosure (CVE-2024-43451) is at large, risking user confidentiality with easy exploitation. Patch and monitor diligently to be secure. Sign up for our threat advisory! https://t.co/5cS5XkWqLH h

    @sequretek_sqtk

    15 Nov 2024

    24 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  36. ⚠️ Find files related to the new zero-day vulnerability – #ExploreWithANYRUN ✅ We’ve added the detection for CVE-2024-43451, allowing our users to track and analyze this threat 📌 #CVE can be detected by inspecting the URL shortcut and checking for SMB connections 📂 The… ht

    @anyrun_app

    15 Nov 2024

    1423 Impressions

    6 Retweets

    16 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  37. New NTLM Zero-Day Exploit Alert! Microsoft patches CVE-2024-43451, actively exploited by a suspected Russia-linked actor targeting Ukraine. Attack chain delivers Spark RAT via phishing & malicious .URL files. #CyberSecurity #ZeroDay #Hacking #BugBounty #news #NTLM #PatchN

    @safeyourweb

    15 Nov 2024

    86 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. #0day CVE-2024-43451 https://t.co/3HUw5cKZyu

    @42mayfly

    15 Nov 2024

    91 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. 🚨 Windows Zero-Day Exploited by Russia Triggered With File Drag-and-Drop, Delete Actions 🚨 WIRE TOR - The Ethical Hacking Services ⚠️ Hackers have found a way to exploit a newly patched zero-day vulnerability in Windows identified as CVE-2024-43451. #cve https://t.co/r2mmfO6nv

    @WireTor

    14 Nov 2024

    56 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  40. Microsoft released its November Patch Tuesday update, addressing 89 vulnerabilities in Windows systems, including four zero-day exploits. One critical zero-day vulnerability, CVE-2024-43451, was actively exploited by a suspected Russia-linked actor in cyber attacks targeting… htt

    @XArthurDent

    14 Nov 2024

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. 🚨 New NTLM vulnerability (CVE-2024-43451) exploited by suspected Russian hackers in Ukraine. Phishing emails lead users to download a malicious .URL file, stealing NTLMv2 hashes and deploying malware. Stay vigilant and update systems! #CyberSecurity #Ukraine https://t.co/5LJl

    @redfoxsec

    14 Nov 2024

    49 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  42. #KDaily@kaspersky CVE-2024-43451 and other reasons to update immediately. Exploiting the CVE-2024-43451 vulnerability allows an attacker to steal the NTLMv2 hash without the malicious file needing to be opened. https://t.co/NmppyKXB21

    @kmscom3

    14 Nov 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

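  43. Two threat actors used a 0-day in the execution stage 👀 On Win10 and later, the trigger condition is any one of 1. right-click 2. deleting the file with the delete button 3. dragging it to another folder, so with some luring it seems within exploitable range? New Zero-Day Vulnerability Detected: CVE-2024-43451 https://t.co/QMp11mryun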

    @strinsert1Na

    14 Nov 2024

    2107 Impressions

    4 Retweets

    27 Likes

    19 Bookmarks

    1 Reply

    0 Quotes

  44. The exploit for CVE-2024-43451, a new zero-day vulnerability in Windows, is executed by deleting files, drag-and-dropping them, or right clicking on them. https://t.co/J8ajvpUwrG

    @EduardKovacs

    14 Nov 2024

    2570 Impressions

    4 Retweets

    17 Likes

    6 Bookmarks

    0 Replies

    1 Quote

  45. How a #Windows zero-day was #exploited in the wild for months (#CVE-2024-43451) https://t.co/wZePaEusnK

    @ScyScan

    14 Nov 2024

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. Right-Click to Hack: Zero-Day CVE-2024-43451 Vulnerability Targets Windows Users https://t.co/vul2kPCgqN

    @clb_bcr

    14 Nov 2024

    51 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  47. Analysis of the URL File Zero-Day Vulnerability CVE-2024-43451 https://t.co/eKgRnbD1pd https://t.co/WeOOv5k5Py

    @blackorbird

    14 Nov 2024

    9273 Impressions

    43 Retweets

    167 Likes

    82 Bookmarks

    1 Reply

    0 Quotes

  48. Russia versus Ukraine and China versus the USA in cyber warfare. Cybersecurity, apt, botnet, china, CVE-2024-43451, highlight, cyber warfare, Salt Typhoon, Volt Typhoon, vulnerability, windows, zero-day https://t.co/I9ZcFPbQC2 https://t.co/uvlASYrZbK

    @matricedigitale

    14 Nov 2024

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. Learn about the newly patched NTLM security flaw (CVE-2024-43451), exploited by suspected Russian hackers targeting Ukraine. Stay informed on the vulnerability, its exploitation, and Microsoft's patch to safeguard your organization. More insights at: https://t.co/NjwTxG9aLa.

    @KrofekSecurity

    14 Nov 2024

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. Exploit alert: Russia-linked threat actors have actively exploited the CVE-2024-43451 #vulnerability to deploy Spark RAT, with the potential for significant damage through credential theft. Read: https://t.co/ANuvMDSUwS... https://t.co/eOsfbJ5GmW

    @IT_news_for_all

    14 Nov 2024

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations