New
#1
18-year-old Windows bug allows attackers to harvest credentials
This week, security researchers at Cylance disclosed a vulnerability in Server Message Block (SMB) that allows attackers to harvest user credentials from any Windows computer, server, or tablet, including those running the Windows 10 Technology Preview.
The attack is relatively trivial to execute, requiring the user to input a malicious "file://" URL, click a similarly malicious link, or use any program that could automatically attempt to load such a link, such as generating a thumbnail for a linked image on a maliciously-coded page. Accessing this link leads to an authentication attempt by Windows. When combined with a man-in-the-middle attack, this exploit can be used to capture user credentials.
When a fix will be available
If you do not have a need for SMB functionality, your best bet is to block outbound traffic on TCP 139 and 445 in your firewall. If you do and are waiting on an official fix from Microsoft, prepare to be disappointed.
18-year-old Windows bug allows attackers to harvest credentials - TechRepublic