Suspected 0day
# CVE-2024-4573-Mitigation-Script
CVE-2024-43451 is a vulnerability in systems that allow NTLM authentication, a legacy protocol that can be exploited for credential relay attacks or brute force attacks. This vulnerability arises when NTLM is enabled, leaving systems susceptible to unauthorized access, potentially disclosing the user's NTLMv2 hash to an attacker with only minimal interaction.
This detection script works as follows:

- Registry Path Check: Reads the `LmCompatibilityLevel` value from the registry path `HKLM:\SYSTEM\CurrentControlSet\Control\Lsa`.
- Configuration Evaluation:
  - If `LmCompatibilityLevel` is less than 5, NTLM authentication is enabled, and the system is vulnerable.
  - If `LmCompatibilityLevel` is 5 or higher, NTLM authentication is disabled, and the system is protected.
- Status Report: Outputs whether NTLM authentication is enabled or disabled based on the registry value.

By detecting whether NTLM authentication is enabled, this script will allow you to quickly assess your system's risk exposure to CVE-2024-43451.
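
The three steps above can be sketched in PowerShell as follows. This is an added example, not the repository's own script: the function name `Get-LmCompatibilityStatus`, its `-Level` parameter and the handling of an absent registry value are assumptions, and the level descriptions are Microsoft's documented meanings for the "LAN Manager authentication level" setting.

```powershell
# Added example, not the repository's script; function and variable names are hypothetical.
$LsaPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Microsoft's documented meanings for the "LAN Manager authentication level" values.
$LevelMeaning = @{
    0 = 'Send LM and NTLM responses'
    1 = 'Send LM and NTLM; use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only; refuse LM'
    5 = 'Send NTLMv2 response only; refuse LM and NTLM'
}

function Get-LmCompatibilityStatus {
    param(
        # Optional: evaluate a supplied value instead of reading the registry.
        [Nullable[int]]$Level = $null
    )
    $source = 'parameter'
    if ($null -eq $Level) {
        $source = 'registry'
        $prop = Get-ItemProperty -Path $LsaPath -Name 'LmCompatibilityLevel' -ErrorAction SilentlyContinue
        if ($null -ne $prop) { $Level = [int]$prop.LmCompatibilityLevel }
    }

    if ($null -eq $Level) {
        # The README does not cover an absent value; report it rather than guess.
        $status  = 'Not configured (OS default applies)'
        $meaning = 'LmCompatibilityLevel is not set under the Lsa key'
    } else {
        # The README's rule: below 5 is flagged, 5 or higher passes.
        $status  = if ($Level -lt 5) { 'NTLM authentication enabled' } else { 'NTLM authentication disabled' }
        $meaning = if ($LevelMeaning.ContainsKey([int]$Level)) { $LevelMeaning[[int]$Level] } else { 'Undocumented value' }
    }
    [pscustomobject]@{ Source = $source; Level = $Level; Status = $status; Meaning = $meaning }
}

# Status report for this machine.
Get-LmCompatibilityStatus | Format-List

# Constructed sample values, to see how the rule classifies each level.
0..5 | ForEach-Object { Get-LmCompatibilityStatus -Level $_ } | Format-Table -AutoSize
```

The `Meaning` column shows what each level negotiates, which is worth reading alongside the `Status` verdict when assessing a host.
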
Kudos to VSociety
[4.0K] /data/pocs/07bc5b629c7c4072f8318bb3f7f2db80a56dc38e
├── [2.0K] CVE-2024-43573 Mitigation Script.ps
└── [1.0K] README.md
0 directories, 2 files