Summary: Check Point Research has raised an alarm over the exploitation of CVE-2025-24054, a vulnerability in Windows that leaks NTLMv2-SSP hashes through interaction with malicious .library-ms files. Despite Microsoft’s patch released on March 11, 2025, attackers rapidly weaponized the flaw, which allows hash disclosure with minimal user interaction. This vulnerability poses a severe risk to enterprise security, particularly due to its ability to facilitate credential theft and subsequent lateral movement within networks.
Affected: Microsoft Windows
Keypoints :
- Attackers exploit the vulnerability via spoofed .library-ms files, triggering NTLM hash leaks without user interaction.
- Exploitation campaign dubbed NTLM Exploits Bomb has targeted government and private organizations in Poland and Romania.
- Organizations are advised to apply the latest Microsoft patch and enhance security measures against potential attacks.
Source: https://securityonline.info/cve-2025-24054-actively-exploited-ntlm-hash-disclosure-vulnerability/