Windows 10: 18-year-old Windows bug allows attackers to harvest credentials


  1. Posts : 13,358
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       16 Apr 2015 #1

    18-year-old Windows bug allows attackers to harvest credentials


    This week, security researchers at Cylance disclosed a vulnerability in Server Message Block (SMB) that allows attackers to harvest user credentials from any Windows computer, server, or tablet, including those running the Windows 10 Technology Preview.

    The attack is relatively trivial to execute, requiring the user to input a malicious "file://" URL, click a similarly malicious link, or use any program that could automatically attempt to load such a link, such as generating a thumbnail for a linked image on a maliciously-coded page. Accessing this link leads to an authentication attempt by Windows. When combined with a man-in-the-middle attack, this exploit can be used to capture user credentials.

    When a fix will be available

    If you do not have a need for SMB functionality, your best bet is to block outbound traffic on TCP 139 and 445 in your firewall. If you do and are waiting on an official fix from Microsoft, prepare to be disappointed.

    18-year-old Windows bug allows attackers to harvest credentials - TechRepublic
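
One way to check whether the outbound block on TCP 139 and 445 recommended in the quoted article is actually in effect, as an added example that is not part of the thread or the TechRepublic article: it scans Windows Firewall log text for outbound SMB connections to addresses outside the internal ranges. The log lines, the internal range list and the function name `outbound_smb_to_external` are constructed assumptions for illustration.

```python
import ipaddress

SMB_PORTS = {139, 445}
# Assumption: these ranges count as "internal"; adjust to the local network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Constructed sample in the Windows Firewall log (pfirewall.log) layout.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2015-04-16 09:01:12 ALLOW TCP 192.168.1.20 192.168.1.5 49711 445 0 - 0 0 0 - - - SEND
2015-04-16 09:03:40 ALLOW TCP 192.168.1.20 203.0.113.7 49832 445 0 - 0 0 0 - - - SEND
2015-04-16 09:03:41 DROP TCP 192.168.1.20 198.51.100.9 49833 139 0 - 0 0 0 - - - SEND
2015-04-16 09:04:02 ALLOW TCP 192.168.1.20 203.0.113.7 49840 443 0 - 0 0 0 - - - SEND
2015-04-16 09:05:15 ALLOW TCP 203.0.113.50 192.168.1.20 51000 445 0 - 0 0 0 - - - RECEIVE
"""

def outbound_smb_to_external(log_text, internal=INTERNAL_NETS):
    """Return (timestamp, action, src, dst, port) for outbound SMB to non-internal hosts."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names come from the log header
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("protocol") != "TCP" or row.get("path") != "SEND":
            continue                           # only outbound TCP is of interest here
        try:
            dst = ipaddress.ip_address(row["dst-ip"])
            port = int(row["dst-port"])
        except (KeyError, ValueError):
            continue                           # skip malformed or truncated lines
        if port in SMB_PORTS and not any(dst in net for net in internal):
            stamp = row["date"] + " " + row["time"]
            hits.append((stamp, row["action"], row["src-ip"], str(dst), port))
    return hits

if __name__ == "__main__":
    for stamp, action, src, dst, port in outbound_smb_to_external(SAMPLE_LOG):
        # ALLOW means the outbound block is not in place for that destination.
        print(f"{stamp} {action:5} {src} -> {dst}:{port}")
```

An `ALLOW` entry in the result means outbound SMB left the machine toward an external address; a `DROP` entry shows the block working.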


  2. Posts : 713
    Windows 10 Build 14267
       16 Apr 2015 #2

    18 year !!!

    It's a legal age bug... lol...


  3.    25 Apr 2015 #3

    Barely legal.


  4. Posts : 14,948
    Microsoft Windows 10 Pro 64-bit 14393, Windows 10 Insider Fast Ring, Windows 8.1 Update, Ubuntu
       25 Apr 2015 #4

    Sorry, in my book if it can't buy beer, it's not of age