Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

CVE-2024-30081: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in Microsoft Windows 10 Version 1809

0
High
VulnerabilityCVE-2024-30081cvecve-2024-30081cwe-200
Published: Tue Jul 09 2024 (07/09/2024, 17:02:08 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: Windows 10 Version 1809

Description

Windows NTLM Spoofing Vulnerability

AI-Powered Analysis

AILast updated: 10/14/2025, 22:24:37 UTC

Technical Analysis

CVE-2024-30081 is a vulnerability classified under CWE-200, indicating exposure of sensitive information to unauthorized actors. It specifically affects Microsoft Windows 10 Version 1809 (build 10.0.17763.0) and involves NTLM (NT LAN Manager) spoofing. NTLM is an authentication protocol used in Windows environments, and spoofing it can allow attackers to impersonate legitimate users or systems. This vulnerability enables attackers to intercept or manipulate NTLM authentication processes, potentially exposing sensitive data such as authentication tokens or user credentials. The vulnerability requires no privileges but does require user interaction, such as clicking a malicious link or opening a crafted file, to trigger the exploit. The CVSS 3.1 score of 7.1 reflects a high severity due to the high impact on confidentiality and integrity, although availability is not affected. The attack vector is local (AV:L), meaning the attacker needs local access or a foothold within the network. The vulnerability is currently published with no known exploits in the wild, but the risk remains significant due to the sensitive nature of the exposed information. The lack of available patches at the time of reporting means organizations must rely on interim mitigations. NTLM spoofing vulnerabilities are particularly dangerous in enterprise environments where NTLM is still widely used for legacy support, making lateral movement and privilege escalation easier for attackers.

Potential Impact

For European organizations, the impact of CVE-2024-30081 can be substantial. Exposure of sensitive authentication information can lead to unauthorized access to internal systems, data breaches, and lateral movement within corporate networks. Industries such as finance, healthcare, government, and critical infrastructure are at higher risk due to their reliance on legacy Windows systems and the sensitivity of their data. The vulnerability undermines confidentiality and integrity, potentially allowing attackers to impersonate users or escalate privileges without disrupting system availability. This can result in data theft, espionage, or sabotage. The requirement for user interaction limits mass exploitation but targeted phishing or social engineering attacks could be effective. Organizations that have not upgraded from Windows 10 Version 1809 or have legacy systems still running this version are particularly vulnerable. The absence of known exploits in the wild provides a window for proactive defense, but the risk of future exploitation remains high.

Mitigation Recommendations

To mitigate CVE-2024-30081, organizations should: 1) Apply security patches from Microsoft as soon as they become available for Windows 10 Version 1809; 2) Where patching is delayed, disable or restrict NTLM authentication via Group Policy or registry settings to reduce attack surface; 3) Implement network segmentation to limit the spread of potential NTLM spoofing attacks; 4) Employ multi-factor authentication (MFA) to reduce reliance on NTLM credentials; 5) Monitor network traffic and authentication logs for unusual NTLM activity or failed authentication attempts indicating spoofing; 6) Educate users about phishing and social engineering risks to minimize user interaction exploitation; 7) Consider upgrading legacy systems to supported Windows versions that have improved authentication security; 8) Use endpoint detection and response (EDR) tools to detect suspicious local activity related to NTLM spoofing attempts.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
microsoft
Date Reserved
2024-03-22T23:12:15.569Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d981dc4522896dcbdb5bc

Added to database: 5/21/2025, 9:08:45 AM

Last enriched: 10/14/2025, 10:24:37 PM

Last updated: 10/16/2025, 3:18:20 PM

Views: 29

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats