News A new security flaw in Microsoft Windows allows hackers to steal users' login credentials: Researche

[Deepu]

Computer security researchers said they have uncovered a new variation on an old weakness in Microsoft's Windows operating system that could theoretically allow hackers to steal login credentials from hundreds of millions of PCs.

The vulnerability, named 'Redirect to SMB' by security firm Cylance, is similar to one found in the late 1990s that took advantage of a weakness in Windows and Microsoft's Internet Explorer browser which made it possible for attackers to trick Windows into signing on to a server controlled by hackers.

According to Cylance, if a hacker can get a Windows user to click on a bad link in an email or on a website, it can essentially hijack communications and steal sensitive information once the user's computer has logged on to the controlled sever.

A new security flaw in Microsoft Windows allows hackers to steal users' login credentials: Researchers - IBNLive

 

[whitebunny]

This is risky hope they patch this security flaw soon.

 

[Technoglitch]

What about the other browsers?

 

[Sanjeev]

Day by day something or the other flaws is happening in Microsoft Windows

 

[Technoglitch]

even apple IOS is not spared.

 

[whitebunny]

I came to know IOS was most venerable and hit with hacking after I gave a presentation that IOS is most secured and stable OS

 

[NinadG]

18-year-old Unpatched Vulnerability Affects All Versions of Microsoft Windows

Security researchers have unearthed a serious security flaw in all supported versions of Windows that could let hackers steal users’ credentials from computers, tablets or servers running any version of Windows operating system, including the as-yet-released Windows 10.

This vulnerability in Windows was first discovered 20 Years ago:

The critical bug, dubbed "Redirect to SMB," is a variant of a vulnerability found in Windows by researcher Aaron Spangler nearly 18 years ago that caused Windows to expose a user's Windows username and password automatically.

What does Microsoft say about the issue?
Microsoft officials downplayed the Cylance "discovery" and the seriousness of the flaw on Monday, saying that the issue was not new at all....

Who are affected?
Cyclance claims that nearly 31 programs are vulnerable to the SMB flaw, which includes:

• Many widely used applications: Adobe Reader, Apple QuickTime and Apple Software Update that handles iTunes updates
• Microsoft Applications: Internet Explorer, Windows Media Player, Excel 2010, and even Microsoft Baseline Security Analyzer
• Developer Tools: Github for Windows, PyCharm, IntelliJ IDEA, PHP Storm and JDK 8u31’s installer
• Security Tools: .NET Reflector and Maltego CE
• Antivirus Software: Symantec’s Norton Security Scan, AVG Free, BitDefender Free and Comodo Antivirus
• Team Tools: Box Sync and TeamViewer

How do you protect yourself against this flaw?

• The simplest way to protect against this issue is to block outbound traffic from TCP 139 and TCP 445. This could be prevented using a network gateway firewall to prevent only SMB communications to destinations outside of your network.

Read more at: 18-year-old Unpatched Vulnerability Affects All Versions of Microsoft Windows

 

[IndianMascot]

Hackers leave no one. Infact Apple hire hacker to hack Microsoft and Microsoft hire Hackers to hack Google and it continues. .

 

[Technoglitch]

Hackers leave no one. Infact Apple hire hacker to hack Microsoft and Microsoft hire Hackers to hack Google and it continues. .

hackers are hired to find the flaw in the products and test the vulnerability of their products.

 

[NinadG]

Snowden revelations suggests that US govt forces American companies like Microsoft to plant bugs in softwares which can be later exploited for spying......Some of these bugs & flaws are discovered by security experts later....