“In order to exploit this vulnerability, an authorized attacker would need to run a specially crafted application on the target system to exploit the vulnerability to elevate their privileges to a Moderate Integrity Level.”
The second zero-day exploit, CVE-2024-43451, achieves a lower CVSS of 6.5 but remains a concern, given that it is a hash disclosure flaw in the now deprecated NTLMv2 that affects all versions of Windows since Windows Server 2008 .
For a hacker, the most direct route to security is to defeat or bypass authentication in some way. That can be done by stealing passwords, but also by stealing their hashes. In the case of this flaw, that would allow an attacker to perform a pass-the-hash attack by extracting the hash from memory before using it to authenticate to the target system.
Source link