Windows security flaw could lead to login theft, researchersclaim

(Image: CNET/CBS Interactive)

Security researchers have discovered a new variation of a flaw that could in theory allow for thetheft of usernames and passwords from millions of Windows PCs, servers, and tablets.

The new vulnerability, discovered by security firm Cylance, affects every version of Windows,including the latest Windows 10 preview, which has yet to be formally released.

The "Redirect to SMB" vulnerability builds on a flaw first discovered in 1997 by exploiting theWindows Server Message Block (SMB). Researchers say a user can be tricked into clicking a

specially crafted link, which can attempt to authenticate with a malicious server. The encryptedusername and password combinations used to access the server could be logged, and later crackedby a brute-force attack.

Cylance warned the flaw could be exploited without necessarily clicking a link, such as through aman-in-the-middle attack by a background Windows program, like a software updater.

A number of third-party companies' software is affected by the vulnerability, including Adobe, Apple,Box.com, and Oracle -- among others.

The bug is serious enough for the CERT security advisory team at Carnegie Mellon University, whichtracks bugs and security issues, to issue an advisory, warning that it was "unaware of a full solution"to the problem.

But Microsoft played down fears that it was a new, or even a serious vulnerability.

"Several factors would need to converge for a 'man-in-the-middle' cyberattack to occur," saidMicrosoft, in an emailed statement to Reuters. "Our guidance was updated in a Security Researchand Defense blog in 2009, to help address potential threats of this nature. There are also features inWindows, such as Extended Protection for Authentication, which enhances existing defenses forhandling network connection credentials."

It's not clear if Microsoft will fix the flaw in a later update. Microsoft did not immediately respond tocomment at the time of writing.

http://zdnet.com.feedsportal.com/c/35462/f/675866/s/455b578b/sc/15/l/0L0Szdnet0N0Carticle0Csmb0Esecurity0Eflaw0Eaffects0Eevery0Eversion0Eof0Ewindows0C0Tftag0FRSSbaffb68/story01.htm