1. Joined : Oct 2014
    In a house with a crazy cat trying to kill me
    Posts : 11,402
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       16 Apr 2015 #1

    18-year-old Windows bug allows attackers to harvest credentials

    This week, security researchers at Cylance disclosed a vulnerability in Server Message Block (SMB) that allows attackers to harvest user credentials from any Windows computer, server, or tablet, including those running the Windows 10 Technology Preview.

    The attack is relatively trivial to execute, requiring the user to input a malicious "file://" URL, click a similarly malicious link, or use any program that could automatically attempt to load such a link, such as generating a thumbnail for a linked image on a maliciously-coded page. Accessing this link leads to an authentication attempt by Windows. When combined with a man-in-the-middle attack, this exploit can be used to capture user credentials.
    When a fix will be available

    If you do not have a need for SMB functionality, your best bet is to block outbound traffic on TCP 139 and 445 in your firewall. If you do and are waiting on an official fix from Microsoft, prepare to be disappointed.

    18-year-old Windows bug allows attackers to harvest credentials - TechRepublic
      My System SpecsSystem Spec

  2. Joined : Jul 2014
    Belo Horizonte
    Posts : 710
    Windows 10 Build 14267
       16 Apr 2015 #2

    18 year !!!

    It's a legal age bug... lol...

      My System SpecsSystem Spec

  3. Joined : Mar 2015
    New Mexico
    Posts : 990
    Windows 10 Pro,
       25 Apr 2015 #3

    Barely legal.
      My System SpecsSystem Spec

  4. Joined : Feb 2015
    Bamberg Germany
    Posts : 12,905
    Microsoft Windows 10 Pro 64-bit 14393 Multiprocessor Free
       25 Apr 2015 #4

    Sorry in my book if it can't by beer, it's not of age
      My System SpecsSystem Spec


Similar Threads
Thread Forum
Build 10074, clean SSD, stuck on just a moment after credentials
Hi all, first post here. Am trying to install build 10074 on a freshly formatted (no dual boot) 256GB SSD in my Dell XPS 12 via USB. I get through the installation, reboot, do the initial setup, provide my MS account, then get stuck. White...
Installation and Setup
Windows 10 for Enterprise is not free in the first year...
Businesses switching to Windows 10 for Enterprise won't be getting the operating system as a free upgrade within the first year of release and it will be updated differently as well. Back in October, it was reported that Microsoft was working on a...
Windows 10 News
Office Use your Office 365 credentials to sign in to Yammer
Windows 10 News
Login Credentials (Local vs Live ID)
I suppose I don't have a "real" problem with using a Live ID to log in to Windows 9 (should they abandon local user names, as I hear they just might). My concern would be logging in to Windows NT based servers, or Windows NT domains. Would Live ID...
General Support
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 04:59.
Find Us
Twitter Facebook Google+

Windows 10 Forums