Researchers identify attack technique, all Windows versions at risk

April 13, 2015 – 6:27 PM

Researchers with Cylance have identified a new attack technique – built on a vulnerability identified nearly 20 years ago by Aaron Spangler – that can enable the theft of user credentials from PCs, tablets and servers running any version of Windows, according to a Monday post by Cylance.

The “Redirect to SMB” technique hijacks an ordinary HTTP request – many software products, update checkers among them, make such requests over plaintext HTTP, where a man-in-the-middle (MitM) attacker can rewrite the reply – and answers it with an HTTP redirect that points the client at a malicious Server Message Block (SMB) server, a Carnegie Mellon University CERT advisory indicated.

“If the redirect is a file:// URL and the victim is running Microsoft Windows, Windows will automatically attempt to authenticate to the malicious SMB server by providing the victim’s user credentials to the server,” the advisory said.
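The exchange the advisory describes, modelled from the client side as an added example (this is not code from the Cylance post or the CERT advisory, and the host names updates.example and attacker.example are hypothetical). A constructed 302 reply carries a file:// Location; a Windows client that follows it hands the URL to the SMB redirector, which then authenticates to the named host with the logged-on user's credentials. The is_safe_redirect() policy is the check a hardened HTTP client should apply before following any redirect: only http/https targets, never a downgrade from https to http, and no file:// URLs or UNC paths at all.

```python
"""Redirect to SMB, seen from the HTTP client (added example, hypothetical hosts)."""
from urllib.parse import urljoin, urlparse

# Constructed responses to the hypothetical request GET http://updates.example/check.
# This is not captured traffic.
MALICIOUS_REDIRECT = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: file://attacker.example/share/update.exe\r\n"  # SMB bait
    b"Content-Length: 0\r\n\r\n"
)
UNC_REDIRECT = (
    b"HTTP/1.1 301 Moved Permanently\r\n"
    b"Location: \\\\attacker.example\\share\\update.exe\r\n"  # raw UNC path
    b"Content-Length: 0\r\n\r\n"
)
BENIGN_REDIRECT = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: /v2/check\r\n"  # relative, stays on the origin host
    b"Content-Length: 0\r\n\r\n"
)
NOT_A_REDIRECT = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"

ORIGIN = "http://updates.example/check"
REDIRECT_CODES = {301, 302, 303, 307, 308}


def parse_location(raw: bytes):
    """Return the Location header of a 3xx HTTP response, or None when the
    response is not a redirect or carries no Location header."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split()
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/"):
        raise ValueError("not an HTTP response")
    if int(parts[1]) not in REDIRECT_CODES:
        return None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"location":
            return value.strip().decode("latin-1")
    return None


def is_safe_redirect(origin: str, location: str) -> bool:
    """Redirect policy: follow only http/https targets and never downgrade
    from https to http. file:// URLs and UNC paths are refused outright,
    so the SMB client is never invoked on the attacker's behalf."""
    if location.startswith("\\\\"):
        return False                                  # raw UNC path
    target = urlparse(urljoin(origin, location))      # resolve relative Locations
    if target.scheme not in ("http", "https"):
        return False                                  # file://, ftp://, ...
    if urlparse(origin).scheme == "https" and target.scheme == "http":
        return False                                  # TLS downgrade
    return True


def decide(origin: str, raw: bytes) -> str:
    """Classify a raw response as 'no-redirect', 'follow' or 'refuse'."""
    location = parse_location(raw)
    if location is None:
        return "no-redirect"
    return "follow" if is_safe_redirect(origin, location) else "refuse"


if __name__ == "__main__":
    samples = [("malicious", MALICIOUS_REDIRECT), ("unc", UNC_REDIRECT),
               ("benign", BENIGN_REDIRECT), ("plain", NOT_A_REDIRECT)]
    for name, raw in samples:
        print(f"{name:9s} -> {decide(ORIGIN, raw)}")
```

The UNC check comes before URL resolution on purpose: a generic URL parser treats a backslash-prefixed Location as a relative path and would happily resolve it under the origin's http scheme, while a Windows client may treat it as a share name. Refusing the scheme at the client is the fix that does not depend on the network; blocking outbound SMB at the perimeter is the complementary one.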

Cylance identified 31 affected software packages, among them Adobe Reader, Apple QuickTime, Apple Software Update, Internet Explorer, Windows Media Player, Excel 2010, Symantec’s Norton Security Scan, BitDefender Free and Comodo Antivirus, according to the post.

The information stolen in the attack includes the victim’s username, domain and a hashed form of the password, the post stated. In practice this is the NTLM challenge-response the Windows SMB client sends when it authenticates, which an attacker can attempt to crack offline to recover the plaintext password. The CERT advisory’s recommended workaround is to block outbound SMB traffic (TCP ports 139 and 445) from the local network to the Internet, so that a redirected client cannot reach an attacker’s SMB server in the first place.
