A freshly discovered NTLM vulnerability in Windows is being exploited only a week after Microsoft patched the issue. The vulnerability is tracked as CVE-2025-24054 and has a CVSS score of 6.5. If exploited correctly, this medium-severity flaw can allow hackers to access your NTLM hash, enabling them to carry out spoofing attacks over the network.
NTLM, or New Technology LAN Manager, is a suite of authentication protocols developed by Microsoft to verify user credentials and protect networks. If an attacker gains access to the NTLM hash, they can brute-force it offline or carry out relay attacks to obtain a victim’s network credentials.
Microsoft’s advisory warns that exploitation requires only minimal user interaction. Even selecting, dragging, or right-clicking the malicious file can trigger the exploit. Post-exploitation, attackers can move laterally on the network, elevate their privileges, and even compromise the domain. However, this largely depends on the privileges of the compromised user, meaning a compromised admin account can cause more damage than a standard user account.

As for the threat actors behind the exploit, security researchers from Check Point Research found hackers exploiting the bug in attacks targeting Polish and Romanian government and private organisations. The campaign appears to have occurred between March 20 and 21. Victims were targeted via phishing links sent to their emails, which included a link to an archive download from Dropbox.
This isn’t the only campaign targeting the vulnerability, either. Until March 25, researchers found another 10 campaigns attempting to capture NTLM hashes from targets, with the attacking servers hosted in Australia, Bulgaria, the Netherlands, Russia, and Turkey.
Microsoft’s advisory claims that CVE-2025-24054 hasn’t been exploited in the wild yet. However, in addition to Check Point Research’s observation, the US CISA has also added the bug to its list of Known Exploited Vulnerabilities, mandating that all federal agencies patch the issue by May 8.