Security News > 2024 > November > How a Windows zero-day was exploited in the wild for months (CVE-2024-43451)
2024-11-14 09:57
CVE-2024-43451, a Windows zero-day vulnerability for which Microsoft released a fix on November 2024 Patch Tuesday, has been exploited since at least April 2024, ClearSky researchers have revealed. About the vulnerability CVE-2024-43451 affects all supported Windows versions and, when triggered, discloses a user’s NTLMv2 hash to the attacker, who can then use it to either mount pass the hash attacks or extract the user’s password from the hash. The result is in both cases the … More → The post How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/11/14/cve-2024-43451-exploited/
Related news
- Qualcomm zero-day under targeted exploitation (CVE-2024-43047) (source)
- Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381) (source)
- Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) (source)
- Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680) (source)
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575) (source)
- New Windows Themes zero-day gets free, unofficial patches (source)
- Windows Themes zero-day bug exposes users to NTLM credential theft (source)
- Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-12 | CVE-2024-43451 | Unspecified vulnerability in Microsoft products NTLM Hash Disclosure Spoofing Vulnerability | 6.5 |