Vulnerability affecting Microsoft Windows Version 8 and later

Microsoft | Aug 3, 2016 | Master3395

May cause the Windows Live login details being eksfiltrert

NorCERT will inform you about a vulnerability affecting Microsoft Windows
version 8 and later.
The vulnerability was discovered in 1997 [1] and is present in all Windows
systems since Windows 95 / NT, but gives only figures in the newer versions of
Microsoft Windows.

The vulnerability has previously led the username and email addresses have been leaked,
and hashed NTLMv2 password from the user's Microsoft Live account, provided that such
account is linked to its Windows client.

This vulnerability is a flaw where Edge / Internet Explorer / Outlook
allowed to be connected to external file directories (SMEs).
An attacker could exploit this vulnerability by sending a link to the external
Albums, and if the link is visited will login details related
user Live account will be sent in plain front.

This is an old vulnerability where it previously only been possible to
retrieve login details for local user, but as newer
versions of Windows using Microsoft Live account as the default login
these details could now be eksfiltrert.

A Microsoft Live account used for purposes including logging of the following

Recommended harm reduction measures are:

Do not use the Microsoft software that accesses the network sites over the Internet (such as Internet Explorer, Edge and Outlook)
Utilizing a strong login password that will be harder to crack
Do not use Microsoft Live account login on your local Windows machine

Keywords: microsoft, windows10

Author: Master3395


comments powered by Disqus

Page 1 of 376  >  >>

Netflix drops Apple's new service


Mar 21, 2019 | Category: General | Comments

- We prefer customers to see our content on our own service.

read more…

Working hard to preserve all public posts on Google+


Mar 20, 2019 | Category: Google | Comments

Now it will not be long.

read more…

New Window Defender Extension Launches - Insecure Websites Open in Edge


Mar 19, 2019 | Category: General | Comments

Works in Chrome and Firefox.

read more…

Page 1 of 376  >  >>