Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability

Technical Severity

CVSS v3.1 Metrics

MEDIUM

6.5 / 10

Minimal Risk Critical

Vector Specification

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C

Exploitation Likelihood

EPSS Prediction

90.31 %

Predictive Probability

Percentile Rank

99.6 th

Documented as more likely to be exploited than 99.6% of known CVEs.

Detection Date

Nov 12, 2024

Remediation Due

Dec 03, 2024

CISA Catalog Active

Threat Analysis

Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a file open operation. The attacker could then leverage this hash to impersonate that user.

Remediation Directive

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Asset Context

Vendor Identity

Microsoft

Affected Product

Windows

Ransomware Status

Campaign Use Unknown

Weakness Classification

CWE-73

External Intelligence

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451

NVD

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2024-43451