Old Windows security flaw resurfaces to steal your login

sincity · April 14, 2015

Security firm Cylance uncovered a security flaw that leaves any device running Windows 8.1 or earlier vulnerable. The Windows vulnerability exposes the user's Windows username and password automatically when a user clicks on a malicious link or URL.

Dubbed "Redirect to SMB," the vulnerability is a variant of a flaw discovered by researcher Aaron Spangler in 1997. Cyclance claims that the flaw was never patched by Microsoft, and the new hack targets the SMB file sharing protocol.

When a victim enters a URL that starts with 'file://' or clicks on a malicious link, Windows is tricked into believing that the user is trying to access a file on a server. Because of this flaw, Windows will try to authenticate itself on the server, revealing the user's login credentials.

Although the username is exposed, the password is encrypted. However, Cyclance claims that any hacker with a high-end GPU can decode the encryption. Cracking an eight-character password can be done in less than half a day.

Microsoft's response

Microsoft officials are downplaying the seriousness of the threat, stating that multiple things have to happen to create the perfect storm.

"We don't agree with Cylance's claims of a new attack type. Cybercriminals continue to be engaged in a number of nefarious tactics," a Microsoft spokesperson told CNET. "However, several factors would need to come together for this type of cyberattack to work, such as success in luring a person to enter information into a fake website. We encourage people to avoid opening links in emails from senders that they don't recognize or visiting unsecure sites."

Microsoft has not stated if or when a patch would arrive.

Cyclance claims that 31 programs are susceptible to the SMB flaw, including commonly used software like the preloaded Internet Explorer browser as well as Microsoft Excel 2010, Adobe Acrobat Reader and even Symantec's Norton Security Scan.