Security firm Cylance has recently uncovered a security problem that leaves any device running Windows 8.1 or earlier vulnerable to attack. The Windows vulnerability exposes the Windows username and password when a user clicks on a malicious link or URL.
“Redirect to SMB” Windows vulnerability
Called “Redirect to SMB”, the vulnerability is very similar to a flaw discovered by a security researcher named Aaron Spangler in 1997. Cylance says that the flaw was never patched by Microsoft, and the new hack that exploits it targets the SMB file sharing protocol.
Whenever the victim enters a URL that starts with “file://” or clicks on a malicious link, Windows is tricked into thinking that the user is trying to access files on a server, and because of this, Windows will try to authenticate itself on the server and reveal the user’s login details.
The username is exposed, but the password is encrypted. However, Cylance says that anyone with a powerful GPU (graphics card, effectively) can decode the encryption. For example, an 8-character password can be cracked in half a day or less.
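For defenders, the “file://” behaviour described above can be checked for in web proxy logs. The following is an added example, not code from Cylance or Microsoft: it flags HTTP redirect responses whose target would make a Windows client open an SMB connection to a remote host. The record layout, the function names and the sample records are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hosts that keep the request on the local machine (no outbound SMB login).
LOCAL_HOSTS = {"", "localhost", "127.0.0.1", "::1"}
UNC_RE = re.compile(r"^\\\\([^\\/]+)[\\/]")  # \\host\share

def smb_target(url):
    """Return the remote host Windows would authenticate to, or None."""
    value = url.strip()
    unc = UNC_RE.match(value)
    if unc:
        host = unc.group(1)
    else:
        parts = urlsplit(value)  # urlsplit lowercases the scheme
        if parts.scheme != "file":
            return None
        host = parts.hostname or ""
        # file:////host/share carries the host in the path, not the authority.
        if not host and parts.path.startswith("//"):
            host = parts.path.lstrip("/").split("/", 1)[0]
    host = host.lower()
    return None if host in LOCAL_HOSTS else host

def find_smb_redirects(records):
    """Yield (client, host) for 3xx responses whose Location leaves via SMB."""
    for rec in records:
        if 300 <= rec["status"] < 400:
            host = smb_target(rec.get("location", ""))
            if host:
                yield rec["client"], host

# Constructed sample records (documentation address ranges, not real traffic).
SAMPLE = [
    {"client": "10.0.0.5", "status": 302, "location": "file://192.0.2.10/share/a.png"},
    {"client": "10.0.0.6", "status": 301, "location": "https://example.test/home"},
    {"client": "10.0.0.7", "status": 302, "location": "file:///C:/Users/a/report.txt"},
    {"client": "10.0.0.8", "status": 307, "location": "FILE:////Files.Example.test/x"},
    {"client": "10.0.0.9", "status": 200, "location": "file://192.0.2.11/never"},
]

if __name__ == "__main__":
    for client, host in find_smb_redirects(SAMPLE):
        print(f"{client} was redirected to SMB host {host}")
```

Local paths such as file:///C:/... are deliberately not flagged, because they never leave the machine.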
Microsoft downplays threat
Microsoft is of course downplaying the threat, saying that many things have to happen at once to create the perfect storm, if you will.
“We don’t agree with Cylance’s claims of a new attack type. Cybercriminals continue to be engaged in a number of nefarious tactics,” a Microsoft spokesperson said. “However, several factors would need to come together for this type of cyberattack to work, such as success in luring a person to enter information into a fake website. We encourage people to avoid opening links in emails from senders that they don’t recognize or visiting unsecure sites.”
There is no word yet on whether or when a patch for the security flaw might arrive.
Cylance says that at least 31 programs are affected by the SMB flaw, including software like Internet Explorer, Excel 2010, Adobe Acrobat Reader and even Symantec’s Norton Security Scan.