The following post is for everyone who is anxiously awaiting the Windows 10 Anniversary Update. The company is expected to release the much-anticipated today information, αλλά δεν σκέφτεται να ασφαλίσει το σύστημά της που προσφέρει ένα σοβαρό κενό ασφαλείας σε κακόβουλους users from 1997.
A flaw in how Windows shares shared old shared network resources can leak Microsoft's user account, password, or VPN if the victim uses a VPN to surf the Internet.
Το exploit επιτρέπει σε έναν εισβολέα την ενσωμάτωση ενός συνδέσμου σε ένα SMB resource (network share) μέσα σε μια by clicking here or in an e-mail to be viewed through Edge, or Internet Explorer or Outlook respectively.
The attacker can mask the connection to the network share he uses in image tags, and instead of the correct link to the image, he can place a link to a shared network component hosted on his own network.
When a user opens this connection via Internet Explorer, Edge, or Outlook, because of the way Windows manages authentication on shared networks, their computer will automatically send their login credentials for authentication to their computer fraudster.
The Microsoft account password is not leaked in plain text, but in NTLM hash. But researchers have long proven that these hashes they can break easily.
The issue we described above is not new and not just Windows 10. Microsoft and the research community are aware of this issue from 1997 and are often discussed at security conferences, such as Black Hat.
But what has changed since Windows 8 is that Microsoft has begun to allow users to authenticate to their computers with Microsoft accounts.
In Windows 10, this has become the de facto method for authentication, which means that more users have started using it.
In recent years, Microsoft has begun to connect all of its online services with the user's Microsoft account.
Thus, according to ProstoVPN's ValdikSS, this old attack allows fraudsters to obtain the credentials of Microsoft accounts that grant indirect access to all of the company's services: Windows 10, Skype, Xbox, OneDrive, Office 360, MSN, Bing, Azure, and many others.
ValdikSS reports that the easiest way to protect yourself from such attacks is by blocking all outgoing SMB connections (the 445 port) through the Windows Firewall, except for local networks.
