Microsoft Windows weakness back

Written by on April 13, 2015 in News with 0 Comments

Microsoft Corp shareholders look at Microsoft products before the start of the annual shareholders' meeting in Bellevue, WashingtonSEATTLE (Reuters) – Computer security researchers said they have uncovered a new variation on an old weakness in Microsoft Corp’s Windows operating system that could theoretically allow hackers to steal login credentials from hundreds of millions of PCs.

The vulnerability, named ‘Redirect to SMB’ by security firm Cylance, is similar to one found in the late 1990s that took advantage of a weakness in Windows and Microsoft’s Internet Explorer browser which made it possible for attackers to trick Windows into signing on to a server controlled by hackers.

According to Cylance, if a hacker can get a Windows user to click on a bad link in an email or on a website, it can essentially hijack communications and steal sensitive information once the user’s computer has logged on to the controlled server.

The technique takes advantage of features in Windows Server Message Block, commonly known as SMB. The new variation, discovered by Cylance researcher Brian Wallace, has so far only been recreated in the laboratory and has not been seen on computers in the outside world.

Microsoft said the threat posed by the purported weakness was not as great as Cylance supposed.

“Several factors would need to converge for a ‘man-in-the-middle’ cyberattack to occur. Our guidance was updated in a Security Research and Defense blog in 2009, to help address potential threats of this nature,” said Microsoft in an emailed statement. “There are also features in Windows, such as Extended Protection for Authentication, which enhances existing defenses for handling network connection credentials.”

(Reporting by Bill Rigby; Editing by Marguerita Choy)

Tags:

About the Author

About the Author: From our press centre we select the top industry news stories from the leading online publications and wire services and bring them straight to you. .

Subscribe

If you enjoyed this article, subscribe now to receive more just like it.

Subscribe via RSS Feed

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Top