⚠ Actively exploited

Added to CISA KEV on 2024-11-12. Federal agencies required to patch by 2024-12-03. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..

CVE-2024-43451 — External Control of File Name or Path in Microsoft Windows 10 Version 1507

CWE-73 — External Control of File Name or Path21 documents13 sources

Severity

6.5MEDIUMCNA

No vector

EPSS

90.3%

top 0.40%

CISA KEV

KEV

Added 2024-11-12

Due 2024-12-03

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Windows 10 Version 1507 Microsoft Windows 10 Version 1607 Microsoft Windows 10 Version 1809 +13 more

Timeline

PublishedNov 12

KEV addedNov 12

KEV dueDec 3

Latest updateNov 26

CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

NTLM Hash Disclosure Spoofing Vulnerability NTLM Hash Disclosure Spoofing Vulnerability

Affected Packages16 packages

▶CVEListV5microsoft/windows_server_201610.0.14393.0 — 10.0.14393.7515

▶CVEListV5microsoft/windows_server_201910.0.17763.0 — 10.0.17763.6532

▶CVEListV5microsoft/windows_server_202210.0.20348.0 — 10.0.20348.2849

▶CVEListV5microsoft/windows_server_202510.0.26100.0 — 10.0.26100.2314

▶CVEListV5microsoft/windows_server_2012_r26.3.9600.0 — 6.3.9600.22267

🔴Vulnerability Details

CVEList

NTLM Hash Disclosure Spoofing Vulnerability↗2024-11-12

▶

VulnCheck

Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability↗2024

▶

🔍Detection Rules

Suricata

ET EXPLOIT NTLM Hash Disclosure via InternetShortcut File Inbound with UNC Path Inbound (CVE-2024-43451)↗2025-05-13

▶

📋Vendor Advisories

Microsoft

NTLM Hash Disclosure Spoofing Vulnerability↗2024-11-12

▶

CISA

Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability↗2024-11-12

▶

🕵️Threat Intelligence

Securelist

Old tech, new vulnerabilities: NTLM abuse, ongoing exploitation in 2025↗2025-11-26

▶

Securelist

How NTLM is being abused in 2025 cyberattacks↗2025-11-26

▶

Securelist

Vulnerability landscape analysis for Q4 2024↗2025-02-26

▶

Securelist

Exploits and vulnerabilities in Q4 2024↗2025-02-26

▶

Tenable

Microsoft Patch Tuesday 2024 Year in Review↗2024-12-10

▶

External resources

NVD MITRE CISA KEV

Affected products16

Microsoft Windows 10 Version 1507≥ 10.0.10240.0, < 10.0.10240.20826

Microsoft Windows 10 Version 1607≥ 10.0.14393.0, < 10.0.14393.7515

Microsoft Windows 10 Version 1809≥ 10.0.17763.0, < 10.0.17763.6532

Microsoft Windows 10 Version 21h2≥ 10.0.19043.0, < 10.0.19044.5131

Microsoft Windows 10 Version 22h2≥ 10.0.19045.0, < 10.0.19045.5131

Microsoft Windows 11 Version 22h2≥ 10.0.22621.0, < 10.0.22621.4460

Microsoft Windows 11 Version 22h3≥ 10.0.22631.0, < 10.0.22631.4460

Microsoft Windows 11 Version 23h2≥ 10.0.22631.0, < 10.0.22631.4460

Microsoft Windows 11 Version 24h2≥ 10.0.26100.0, < 10.0.26100.2314

Microsoft Windows Server 2008 R2 Service Pack 1≥ 6.1.7601.0, < 6.1.7601.27415

Disclosure

PublishedNov 12, 2024

KEV addedNov 12, 2024

KEV dueDec 3, 2024

Latest updateNov 26, 2025