CVE-2024-43451 discloses NTLMv2 hashes with minimal user interaction — selecting a malicious file in Explorer is sufficient. Apply November 2024 patches and enforce SMB signing to prevent relay attacks. This is trivially exploitable in phishing campaigns pairing a UNC path link with a weaponized file.
Windows NTLM Hash Disclosure Spoofing Vulnerability. Minimal user interaction, such as selecting a file, is required to trigger the vulnerability.
Supernova subscribers receive AI-triaged CVE alerts the moment they're published — before the PoC drops.
Start Supernova — $99/mo →