In a security advisory last updated on Saturday, Microsoft gave the flaw “Exploitation Less Likely” status, which it defines in part as follows: “Microsoft analysis has shown that while exploit code could be created, an attacker would likely have difficulty creating the code, requiring expertise and/or sophisticated timing, and/or varied results when targeting the affected product. Moreover, Microsoft has not recently observed a trend of this type of vulnerability being actively exploited in the wild. This makes it a less attractive target for attackers.”
Mitre, on the other hand, states in its analysis that the likelihood of exploitation from the exposure of NTLM hashes is high, and that information exposures can occur in different ways, key among them being “the code manages resources that intentionally contain sensitive information, but the resources are unintentionally made accessible.”
The analysis notes that sensitive information could include personal information such as health records, business secrets and intellectual property, network status and configuration, and “system status and environment, such as the operating system and installed packages.”