Thursday, August 6, 2015
“You visit a website you are done. You are pwned,” (Because of a 14 year old Windows Vulnerablity ). It does not matter if you use Windows Edge (in Windows 10).
Scary news , now got scarier!
Oh Yeah, Windows 10 OS too
and
the new Edge browser too.
From the Article
A Windows vulnerability in the SMB file-sharing protocol discovered 14 years ago and partially patched by Microsoft could still be abused via remote attacks,
Affects Internet Explorer running on all versions of Windows, even in the newly released Windows 10. It would be the first remote code exploit for the new operating system. It also affects Windows Edge, the researchers said
The researchers discovered that it was possible to steal the credentials remotely and impersonate users from the Internet.
The adversary waits for these automated systems to turn on and start scanning all the hosts on the network, atwhich point it grabs the login credentials. The attack was sucessful as soon as users were tricked into loading an image file in Internet Explorer
users are tricked into visiting a website controlled by the attackers, which then captures the user's username in plaintext and the hash of the user's password. The password can be cracked in a manner of days because it uses an obsolete hashing algorithm
The attacker hijacks the challenge/response exchange, by waiting for someone else on the network to authenticate against any system on the network.
For More info:
http://www.darkreading.com/vulnerabilities---threats/new-smb-relay-attack-steals-user-credentials-over-internet/d/d-id/1321633
Labels:
serious,
Vulnerability,
windows
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment