Windows NTLM Spoofing Flaw: Patch Now or Risk Cyber Mayhem!
The U.S. Cybersecurity and Infrastructure Security Agency has added a medium-severity flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities catalog. Identified as CVE-2025-24054, this NTLM spoofing bug is being actively exploited. While Microsoft patched it last month, hackers are still using it to pilfer NTLM hashes like they’re going out of style.

Hot Take:
If NTLM vulnerabilities were a party, they’d definitely be the uninvited guests that still manage to cause chaos. Even though Microsoft gave NTLM the boot last year in favor of Kerberos, it seems NTLM just won’t take the hint and leave quietly. It’s like that ex who keeps popping up in your social media memories — you thought you’d moved on, but there they are, causing trouble all over again.
Key Points:
- NTLM vulnerability CVE-2025-24054 has been actively exploited, prompting CISA to add it to its KEV catalog.
- The flaw is a spoofing bug that allows unauthorized attackers to extract NTLM hashes over a network.
- Despite a low exploitability assessment from Microsoft, it has been used in attacks targeting institutions in Poland and Romania.
- Exploitation involves minimal user interaction, primarily through malicious .library-ms files.
- Federal agencies have until May 8, 2025, to patch systems against this vulnerability.
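The key points above say exploitation rides on .library-ms files that make a machine hand its NTLM hash to a remote host. A triage check a defender could run over such attachments, written as an added example that is not from the article: it parses the file as Microsoft's Library Description XML (an assumption, since the page does not describe the format) and flags any library location that points at a UNC host or URL outside an allowlist. Sample documents and the host 203.0.113.10 are constructed for the demo.

```python
"""Flag .library-ms files whose library locations point at remote hosts.
Added example, not the article's code. Assumes Microsoft's Library Description
XML format: <simpleLocation><url> elements name the folders a library shows."""
import re
import xml.etree.ElementTree as ET

UNC_RE = re.compile(r"^\\\\([^\\]+)")                    # \\host\share -> host
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)  # http://, file://, ...

def _local(tag: str) -> str:
    """Strip an XML namespace prefix: '{ns}url' -> 'url'."""
    return tag.rsplit("}", 1)[-1]

def library_locations(xml_text: str) -> list[str]:
    """Return the text of every <url> nested directly under a <simpleLocation>."""
    root = ET.fromstring(xml_text)
    return [url.text.strip() for loc in root.iter()
            if _local(loc.tag) == "simpleLocation"
            for url in loc if _local(url.tag) == "url" and url.text]

def flag_remote_locations(xml_text: str, trusted_hosts=()) -> list[str]:
    """Locations that would make Explorer contact a host outside trusted_hosts."""
    trusted = {h.lower() for h in trusted_hosts}
    flagged = []
    for loc in library_locations(xml_text):
        unc = UNC_RE.match(loc)
        if (unc and unc.group(1).lower() not in trusted) or SCHEME_RE.match(loc):
            flagged.append(loc)
    return flagged

# Constructed samples: a normal local library, and one naming an outside host.
BENIGN = """<?xml version="1.0" encoding="UTF-8"?>
<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
  <searchConnectorDescriptionList><searchConnectorDescription>
    <simpleLocation><url>C:\\Users\\Public\\Documents</url></simpleLocation>
  </searchConnectorDescription></searchConnectorDescriptionList>
</libraryDescription>"""
SUSPECT = BENIGN.replace("C:\\Users\\Public\\Documents", "\\\\203.0.113.10\\share")

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, flag_remote_locations(doc, trusted_hosts=["fileserver01"]))
```

Anything flagged is a candidate for quarantine and for checking outbound SMB/WebDAV logs from the host that opened it.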