Cylance security firm says it has found a vulnerability in Windows that would allow hackers to steal the names and codes of safety of users of the operating system. But Microsoft has downplayed the report.
Any desktop, tablet or server running the Windows operating system 8.1 or earlier – and even devices that are running Windows 10 – is susceptible to the vulnerability Cylance revealed Monday. The company, called the attack “Redirect to SMB,” says the vulnerability is related to a similar bug that was first discovered in Windows in 1997. The ruling, discovered by researcher Aaron Spangler, Windows automatically provided the username and security code to what I thought was a server. Cylance claims that Microsoft never noticed this flaw.
SMB (server message block, which translates as the server message block) is located in the center of this failure. SMB is a protocol for sharing files over a network. In Windows, SMB is often used to share files through a company network.
According to Cylance an attack “Redirect to SMB” requires that the victim enter the word “file: //” followed by the address or click on a malicious link. Because of this failure, Windows assumes that the link is an attempt by the user to access a file on a server, and thus automatically provides user credentials.
Once hackers get the credentials, you will see that the security codes are encrypted. However, Cylance states that a person who has a first-class GPU “can decipher any code of 8 characters consisting of letters (uppercase and lowercase) and numbers in less than half a day.”
There is debate, however, about the seriousness of this failure. It has known of this problem for years, and Microsoft offered guidance on how to protect against this ruling in 2009.
On Monday, Microsoft downplayed the “discovery” of Cylance to note that it is not new and that the odds of being victims of this attack are minimal.
“We disagree with the assertions of Cylance that there is a new kind of attack. Cybercriminals are still involved in a series of vicious tactics,” said a Microsoft spokesman. “However, you have to gather several factors for this type of attack is concretized, for example, that a user enters information into a fake website. We encourage people to not open links that come in emails from senders They do not know and do not visit Web sites that are not safe. ”
Cylance reported that it has found 31 programs that are susceptible to failure, including Internet Explorer and Excel 2010. The company also found that Adobe Reader, Apple QuickTime and Symantec Norton Security Scan can also be victims of the attack. Carnegie Mellon University, who also described the vulnerability after discovering in turn, noted that most of the applications that target Internet to check for software updates, for example, are vulnerable to failure.