Security loopholes are nothing new, but the one we are going to talk about was discovered in 1997 and surprisingly it has once again surfaced on Windows 8. Only this time the bug has been found to be a potential threat since it would be able to leak the user’s Microsoft Account login and password information.
Windows login data leak
The bug has been present in all iterations of the Windows Operating system starting from Windows 95.
Now just imagine the potential havoc this would cause! Since the Microsoft Account login is also used to access OneDrive, Outlook, Office, Mobile, Bing, Xbox Live, MSN and Skype it just becomes only more potential.
This is how the exploit takes place, the default User Authentication Settings of Edge allows the browser to connect to the local network shares but fails to block the remote shares. All the attacker needs to do is setup a network share and lure the victim by sending an embedded link to the share.
The very instance link is opened in your browser, the link will connect to the share. Next, the attacker will be able to download in plain text the users NTLMv2 hash of the login pass. While this might have not actually been such a big compromise way back in 1997 but with the increased use of the Microsoft Account login, it is just so much dangerous. In order to
In order to minimize the risk use a strong firewall and at least for the time being avoid using Internet Explorer or Edge and Outlook. For the records, Firefox and Chrome remain unaffected. They also suggest that you use a local account for login, till the loophole is fixed.
Visit the source link if you wish to take a test demonstrating the exploit and learn more about it.
- Tags: Microsoft Account