Security News > 2024 > November > How a Windows zero-day was exploited in the wild for months (CVE-2024-43451)
2024-11-14 09:57
CVE-2024-43451, a Windows zero-day vulnerability for which Microsoft released a fix on November 2024 Patch Tuesday, has been exploited since at least April 2024, ClearSky researchers have revealed. About the vulnerability CVE-2024-43451 affects all supported Windows versions and, when triggered, discloses a user’s NTLMv2 hash to the attacker, who can then use it to either mount pass the hash attacks or extract the user’s password from the hash. The result is in both cases the … More → The post How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/11/14/cve-2024-43451-exploited/
Related news
- Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) (source)
- Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) (source)
- Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591) (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) (source)
- Cybercrime gang exploited VeraCore zero-day vulnerabilities for years (CVE-2025-25181, CVE-2024-57968) (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-12 | CVE-2024-43451 | Unspecified vulnerability in Microsoft products NTLM Hash Disclosure Spoofing Vulnerability | 6.5 |