• Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Old Windows security flaw resurfaces to steal your login


PCHF Tech News
Jan 10, 2015

Security firm Cylance uncovered a security flaw that leaves any device running Windows 8.1 or earlier vulnerable. The Windows vulnerability exposes the user's Windows username and password automatically when a user clicks on a malicious link or URL.

Dubbed "Redirect to SMB," the vulnerability is a variant of a flaw discovered by researcher Aaron Spangler in 1997. Cyclance claims that the flaw was never patched by Microsoft, and the new hack targets the SMB file sharing protocol.

When a victim enters a URL that starts with 'file://' or clicks on a malicious link, Windows is tricked into believing that the user is trying to access a file on a server. Because of this flaw, Windows will try to authenticate itself on the server, revealing the user's login credentials.

Although the username is exposed, the password is encrypted. However, Cyclance claims that any hacker with a high-end GPU can decode the encryption. Cracking an eight-character password can be done in less than half a day.

Microsoft's response

Microsoft officials are downplaying the seriousness of the threat, stating that multiple things have to happen to create the perfect storm.

"We don't agree with Cylance's claims of a new attack type. Cybercriminals continue to be engaged in a number of nefarious tactics," a Microsoft spokesperson told CNET. "However, several factors would need to come together for this type of cyberattack to work, such as success in luring a person to enter information into a fake website. We encourage people to avoid opening links in emails from senders that they don't recognize or visiting unsecure sites."

Microsoft has not stated if or when a patch would arrive.

Cyclance claims that 31 programs are susceptible to the SMB flaw, including commonly used software like the preloaded Internet Explorer browser as well as Microsoft Excel 2010, Adobe Acrobat Reader and even Symantec's Norton Security Scan.



Continue reading...