“To use this vulnerability, an authenticated attacker would need to run a specially crafted application on the target system to take advantage of the vulnerability to raise their privileges to a Medium Integrity Level.”
The second exploited zero day, CVE-2024-43451, earns a lower CVSS score of 6.5 but will still be a worry, given that it’s a hash disclosure flaw in the now deprecated NTLMv2 affecting all versions of Windows stretching back to Windows Server 2008.
For a hacker, the most direct route past security is to defeat or bypass authentication in some way. That can be done by stealing passwords, but also by stealing their hashes. In the case of this flaw, that could allow an attacker to conduct a pass-the-hash attack by siphoning off the hash from memory before using it to authenticate on a target system.