The security company Cylance has discovered a new variant of an old vulnerability that theoretically allows the theft of user names and passwords. The “Redirect to SMB” said vulnerability lies among others in all Windows versions, including the current Preview of Windows 10. In addition, Internet Explorer, Windows Media Player, Excel 2010, and Microsoft Baseline Security Analyzer and applications from other vendors are as Adobe Apple , box, Oracle, Symantec and TeamViewer affected.
For the first time the security researcher Aaron Spangler In 1997 a gap in Windows Server Message Block (SMB ) described that allows attackers to bring Windows to log in to a server controlled by them. A beginning with the word “File” brought URL to Internet Explorer to connect to an SMB server at the address specified in the URL. The specially crafted URL could in turn be hidden in an image, an iFrame or other resource that dissolves the browser.
Cylance this gap has now combined with a method to route HTTP requests. “We have created an HTTP server in Python, who answered each question with a simple HTTP 302 status code and clients to a ‘file: // URL’ forwards’, according to a blog post by Cylance. “This allowed us to confirm that an ‘http: // URL’. Could lead to an authentication attempt of the operating system”
A total of four common Windows API functions to allow forwarding of HTTP / HTTPS SMB. Initial tests have shown that they are used by a variety of applications, including software updater. In combination with a man-in-the-middle attack could allow an attacker using the vulnerable applications to authenticate to an SMB server force and intercept transmitted via HTTP or HTTPS data.
Overall, Cylance according to their own Information identified 31 affected applications. These include Adobe Reader, Apple QuickTime, Apple Software Update Symantec Norton Security Scan, AVG Free, Bitdefender Free, Comodo Antivirus, Box Sync, TeamViewer and the installer for the Java Development Kit 8 Update 31st
The researchers expect the gap, especially if the targets are being used, since it can only be exploited if the attacker has already compromised a part of the system of his victim. However, it would be easier in a shared Wi-Fi network. “We have an attack successfully in a home network with a 7 wp_keywordlink>”, the researchers further.
“ Microsoft is reported by Aaron Spangler 1997 problem has not been resolved. We hope that our research Microsoft convinced to examine the susceptibility again and disable authentication with untrusted SMB servers, “writes Cylance employee Brian Wallace.
According to Microsoft, it is at the of Cylance described method is not a new attack. Also, the risk emanating therefrom classifies the software giant is rather unlikely. In order for this type of cyber attack functioning, several conditions must be met, such as a user to persuade to enter their credentials into a fake site. Nevertheless, Microsoft advises again to click on any links in emails from unknown senders or visit unsafe websites.
[With material by Don Reisinger, News.com]
Tip : What do you know about Microsoft? Check your knowledge – with 15 questions on silicon.de
.
No comments:
Post a Comment