CVE-2024-43451, a Windows zero-day vulnerability for which Microsoft released a fix on November 2024 Patch Tuesday, has been exploited since at least April 2024. It affects all supported Windows versions and, when triggered, discloses a user’s NTLMv2 hash to the attacker. The result is in both cases the same: the attacker can authenticate to the target system as the user.