Security News > 2024 > November > How a Windows zero-day was exploited in the wild for months (CVE-2024-43451)
2024-11-14 09:57
CVE-2024-43451, a Windows zero-day vulnerability for which Microsoft released a fix on November 2024 Patch Tuesday, has been exploited since at least April 2024, ClearSky researchers have revealed. About the vulnerability CVE-2024-43451 affects all supported Windows versions and, when triggered, discloses a user’s NTLMv2 hash to the attacker, who can then use it to either mount pass the hash attacks or extract the user’s password from the hash. The result is in both cases the … More → The post How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/11/14/cve-2024-43451-exploited/
Related news
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)
- New Windows Server 2012 zero-day gets free, unofficial patches (source)
- New Windows zero-day exposes NTLM credentials, gets unofficial patch (source)
- Microsoft fixes exploited zero-day (CVE-2024-49138) (source)
- Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) (source)
- Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) (source)
- Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591) (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-12 | CVE-2024-43451 | Unspecified vulnerability in Microsoft products NTLM Hash Disclosure Spoofing Vulnerability | 6.5 |