CISA adds Windows NTLM hash disclosure spoofing flaw to its Known Exploited Vulnerabilities Catalog


A vulnerability in the Windows NTLM authentication protocol, which is known to have been actively exploited for at least a month, has been added to the US CISA’s Known Exploited Vulnerabilities Catalog.
While Microsoft deprecated NTLM last year, it remains widely used. Security researchers discovered the hash disclosure spoofing bug, and Microsoft quietly patched it in March. But creating a patch is one thing; getting users to install it is something else. By adding the vulnerability, tracked as CVE-2025-24054, to its catalog, CISA is raising awareness that action needs to be taken.
Microsoft officially deprecates NTLM and promotes Kerberos authentication


Several months after announcing its intention to do so, Microsoft has officially deprecated the NTLM (NT LAN Manager) authentication protocol in Windows and Windows Server.
NTLM is a very old protocol that has been superseded by the more secure and feature-rich Kerberos. It will still be possible to use NTLM until the next release of Windows and Windows Server, but Microsoft is keen for users to take action now.