Date:04/08/16
Microsoft's Windows 10 Anniversary Update still contains an age-old coding glitch that's responsible for leaking log-in and password data to potentially undesirable people.
The exploit dates back to 1997 and involves Windows trying to log-in to any Server Message Block (SMB) by offering user credentials.
Thus, all an attacker has to do is set up an SMB network share and encourage the victim to visit the IP address set up to host it.
This leaks the Windows log-in name and NT LAN Manager hash of the password and Windows domain.
It was never seen as a particularly huge problem when this information was just local system log-in details, but Windows 8's love of attaching the log-in to online accounts on Microsoft Exchange, Hotmail or Office 365 upped the risk considerably.
Simply put, anything attached to that central log-in is now open to compromise, whether it's data stored on OneDrive, a Skype account, Office Xbox Live or even, we'd theorise, Cortana seeing as Microsoft insists that you sign into the assistant separately since the release of the Anniversary Update.
The Edge browser end user base is growing, so it's also now particularly easy for external forces to engineer navigation to the network share. Even something as simple as an embedded image in another website can act as an easy incentive.
VPN connections using Windows VPN software can also be targeted in the same way. If the network share is exploited through a VPN, the VPN's log-in credentials will be revealed instead.
VPN provider Perfect Privacy offers a test website which works only in Internet Explorer or Edge to determine how many of your details are leaking. Obviously, you use this at your own risk.
Chrome, Firefox and any other popular non-Windows browsers aren't ordinarily affected by this glitch. But seeing as everything else in Windows can be targeted, these browsers can easily redirect to Outlook or any number of other Windows applications.
Windows 10 Anniversary Update still has coding glitch that leaks data to hackers.
Microsoft's Windows 10 Anniversary Update still contains an age-old coding glitch that's responsible for leaking log-in and password data to potentially undesirable people.The exploit dates back to 1997 and involves Windows trying to log-in to any Server Message Block (SMB) by offering user credentials.
Thus, all an attacker has to do is set up an SMB network share and encourage the victim to visit the IP address set up to host it.
This leaks the Windows log-in name and NT LAN Manager hash of the password and Windows domain.
It was never seen as a particularly huge problem when this information was just local system log-in details, but Windows 8's love of attaching the log-in to online accounts on Microsoft Exchange, Hotmail or Office 365 upped the risk considerably.
Simply put, anything attached to that central log-in is now open to compromise, whether it's data stored on OneDrive, a Skype account, Office Xbox Live or even, we'd theorise, Cortana seeing as Microsoft insists that you sign into the assistant separately since the release of the Anniversary Update.
The Edge browser end user base is growing, so it's also now particularly easy for external forces to engineer navigation to the network share. Even something as simple as an embedded image in another website can act as an easy incentive.
VPN connections using Windows VPN software can also be targeted in the same way. If the network share is exploited through a VPN, the VPN's log-in credentials will be revealed instead.
VPN provider Perfect Privacy offers a test website which works only in Internet Explorer or Edge to determine how many of your details are leaking. Obviously, you use this at your own risk.
Chrome, Firefox and any other popular non-Windows browsers aren't ordinarily affected by this glitch. But seeing as everything else in Windows can be targeted, these browsers can easily redirect to Outlook or any number of other Windows applications.
Views: 465
©ictnews.az. All rights reserved.
Similar news
- Cellphone Use May Raise Cancer Risk
- Australian police pushes cyber safety education
- Vietnam aims to lead in e-government
- Senate Website Gets Hacked
- US builds net for cyber war games
- Japan enacts anti-computer virus law
- India passes law vs e-waste
- Anonymous Declares War On The City Of Orlando
- Microsoft highlights evolving dangers as online identity data proliferates
- Consumers want internet security to be provided by banks
- Government facilities targets of cyber attack
- South Korean web attacks might been war drill
- Sri Lanka to Establish National Passport Database to Increase Border Security
- Hi-tech crime agencies set to employ information security professionals
- Phone hacking and online campaign bring down the News of the World
