At the Black Hat USA 2015 conference held in Las Vegas, a group of experts in issues ασφάλειας με επικεφαλής τον Jonathan Brossard παρουσίασαν μια ευπάθεια στο πρωτόκολλο της Microsoft Server Message Block (SMB) που χρησιμοποιείται για κοινή χρήση αρχείων σε τοπικά δίκτυα.
The vulnerability reported to Black Hat USA affects all versions of Windows, and the newer Windows 10, and can be exploited over the Internet, which the researchers they considered unlikely.
The SMB is an IBM-created 21 protocol that allows files and printers to be shared within a network.
Since its development, it has reached the 3.0 version, which works with most Windows applications.
The protocol is most often used in enterprise networks, in conjunction with the control algorithm identity NTLMv2, which allows users to authenticate themselves to Windows servers.
The vulnerability discovered by Mr Brossard's team allows hackers to extract a user's credentials from a Windows network using a technique called SMB relay (basic man-in-the-middle attack for SMB data).
The attack is the first to affect the new Microsoft browser, Edge. However, applications affected by vulnerability are not finished!
As Mr. Brossard stated at the Black Hat USA 2015 conference, all versions of IE are vulnerable. Additionally, other vulnerable applications are: Windows Media Player, Adobe Reader, Apple QuickTime, Excel 2010, Norton Security Scan Symantec, AVG Free, BitDefender free, Comodo Antivirus, IntelliJ IDEA, Box Sync, GitHub for Windows, TeamViewer, and many many more!
