Στο συνέδριο Black Hat USA 2015 που πραγματοποιήθηκε στο Λας Βέγκας, μια ομάδα εμπειρογνωμόνων σε θέματα better safetyς με επικεφαλής τον Jonathan Brossard παρουσίασαν μια ευπάθεια στο πρωτόκολλο της Microsoft Server Message Block (SMB) που χρησιμοποιείται για κοινή χρήση αρχείων σε τοπικά δίκτυα.
The vulnerability presented to Black Hat USA affects all versions of Windows, and the newer Windows 10, and can be exploited over the Internet, which the researchers found unlikely.
SMB is a 21-year-old protocol created by IBM that allows file and printer sharing within a network.
Since its development, it has reached the 3.0 version, which works with most Windows applications.
The protocol is often used in enterprise networks, in conjunction with the NTLMv2 authentication algorithm, which allows users to validate their identity on Windows servers.
The vulnerability discovered by Mr Brossard's team allows hackers to extract a user's credentials from a Windows network using a technique called SMB relay (basic man-in-the-middle attack for SMB data).
The attack is the first to affect the new Microsoft browser, Edge. However, applications affected by vulnerability are not finished!
As Mr. Brossard stated at the Black Hat USA 2015 conference, all versions of IE are vulnerable. Additionally, other vulnerable applications are: Windows Media Player, Adobe Reader, Apple QuickTime, Excel 2010, Norton Security Scan Symantec, AVG Free, BitDefender free, Comodo Antivirus, IntelliJ IDEA, Box Sync, GitHub for Windows, TeamViewer, and many many more!
