What is the Vulnerability?Microsoft Windows contains an NTLMv2 hash spoofing vulnerability (CVE-2024-43451) that could result in disclosing a user’s NTLMv2 hash to an attacker via a file open operation. The attacker can leverage this hash to impersonate that user with minimal interaction from the victim. This vulnerability (CVE-2024-43451) has been added to CISA’s Known Exploited Vulnerabilities Catalog (KEV) list on November 12, 2024.What is the recommended Mitigation?Microsoft has released a security update to fix the vulnerability on November 12, 2024. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451 What FortiGuard Coverage is available?FortiGuard recommends users to apply the fix provided by the vendor as soon as possible.FortiGuard IPS protection is available, and Fortinet customers remain protected through it.The FortiGuard Incident Response team can be engaged to help with any suspected compromise.
More Stories
libxml2-2.12.9-1.fc40
FEDORA-2024-9f3765a04b Packages in this update: libxml2-2.12.9-1.fc40 Update description: Update to 2.12.9 Fixes CVE-2024-40896 Read More
libxml2-2.12.9-1.fc41
FEDORA-2024-867a14de12 Packages in this update: libxml2-2.12.9-1.fc41 Update description: Update to 2.12.9 Fixes CVE-2024-40896. Read More
iwd-3.3-1.fc40 libell-0.71-1.fc40
FEDORA-2024-0fa283c43a Packages in this update: iwd-3.3-1.fc40 libell-0.71-1.fc40 Update description: iwd 3.3: Fix issue with handling External Authentication. iwd 3.2: Fix...
iwd-3.3-1.fc41 libell-0.71-1.fc41
FEDORA-2024-256818da09 Packages in this update: iwd-3.3-1.fc41 libell-0.71-1.fc41 Update description: iwd 3.3: Fix issue with handling External Authentication. iwd 3.2: Fix...
A Vulnerability in Apache Struts2 Could Allow for Remote Code Execution
A vulnerability has been discovered in Apache Struts2, which could allow for remote code execution. Apache Struts2 is an open-source...
CyberDanube Security Research 20241219-0 | Authenticated Remote Code Execution in Ewon Flexy 205
Posted by Thomas Weber | CyberDanube via Fulldisclosure on Dec 21 CyberDanube Security Research 20241219-0 ------------------------------------------------------------------------------- title| Authenticated Remote Code...