May cause the Windows Live login details being eksfiltrert
May cause the Windows Live login details being eksfiltrert
NorCERT will inform you about a vulnerability affecting Microsoft Windows
version 8 and later.
The vulnerability was discovered in 1997 [1] and is present in all Windows
systems since Windows 95 / NT, but gives only figures in the newer versions of
Microsoft Windows.
The vulnerability has previously led the username and email addresses have been leaked,
and hashed NTLMv2 password from the user's Microsoft Live account, provided that such
account is linked to its Windows client.
This vulnerability is a flaw where Edge / Internet Explorer / Outlook
allowed to be connected to external file directories (SMEs).
An attacker could exploit this vulnerability by sending a link to the external
Albums, and if the link is visited will login details related
user Live account will be sent in plain front.
This is an old vulnerability where it previously only been possible to
retrieve login details for local user, but as newer
versions of Windows using Microsoft Live account as the default login
these details could now be eksfiltrert.
A Microsoft Live account used for purposes including logging of the following
services:
Recommended harm reduction measures are:
Do not use the Microsoft software that accesses the network sites over the Internet (such as Internet Explorer, Edge and Outlook)
Utilizing a strong login password that will be harder to crack
Do not use Microsoft Live account login on your local Windows machine