CVE-2024-43451: 
vulnerability analysis and mitigation

CVE-2024-43451 is a Windows zero-day vulnerability that affects all supported Windows versions. The vulnerability was discovered being actively exploited in the wild since April 2024, with Microsoft releasing a fix during the November 2024 Patch Tuesday. This NTLM Hash Disclosure Spoofing Vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) (NVD, HelpNet Security).

The vulnerability allows attackers to obtain a user's NTLMv2 hash when specific file operations are performed. The flaw is particularly more exploitable on Windows 10/11 operating systems compared to older versions. On Windows 7, 8, and 8.1, the exploitation requires specific conditions, such as having the target folder open during file operations, and may need multiple attempts to succeed. The vulnerability has been assigned a CVSS vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N (HelpNet Security).

When successfully exploited, the vulnerability allows attackers to capture the user's NTLMv2 hash, which can then be used in two ways: either to conduct pass the hash attacks or to attempt extracting the user's password from the hash. Both scenarios enable the attacker to authenticate to the target system with the compromised user's credentials (HelpNet Security).

Microsoft has released security patches to address CVE-2024-43451 as part of the November 2024 Patch Tuesday updates. Users and administrators of Windows and Windows Server systems are strongly advised to apply these patches as soon as possible. The vulnerability has been added to CISA's Known Exploited Vulnerabilities Catalog, with federal agencies required to apply mitigations by December 3, 2024 (NVD).