Juan Diego, a security researcher based in Colombia, recently discovered a severe security flaw in Windows and immediately informed Microsoft. Through it, hackers can steal your Windows login details very easily, and without any interaction on your part.
BEWARE! Your Windows Login Details Can Be Stolen By Hackers Without Your Interaction
The security of our data is an increasingly hot topic, since attacks that take advantage of vulnerabilities of all kinds in our equipment, systems, and software grow in number over time and also become more dangerous.
That is why researchers and security experts keep reminding us from time to time that the Windows operating system can contain many vulnerabilities that attackers can exploit to steal our personal data, as we will see below.
One of these important security flaws was fixed by Redmond in the latest Patch Tuesday, and it is the one we discuss here. Specifically, the patch deals with a dangerous attack that could let an attacker remotely steal the Windows NT LAN Manager (NTLM) password and at the same time block the vulnerable computer.
The problems with Microsoft's NTLM architecture are widely known. As a general rule, however, exploitation attempts require some intervention by the user.
New vulnerability in Windows allows login data to be stolen
With this latest attack vector, however, no user interaction is required at any point, and the task is completed remotely. To carry it out against Windows NTLM, the attacker needs to place a malicious SCF file in a publicly shared Windows folder, and public folders without password protection are common in almost all Windows environments.
Once this is done, a mysterious error lets the attacker collect the victim's NTLM password hash and upload it to a preconfigured server.
This attack was discovered by Juan Diego, a security researcher based in Colombia, who immediately reported the problem to Microsoft in April. It was corrected 148 days later in the form of security advisory ADV170014.
To correct this bug, Microsoft changed two registry keys to deactivate NTLM on the system. However, because these keys are only available in Windows 10 and Windows Server 2016, those are the only versions being patched.
Finally, the cause of this vulnerability is still unexplained, so, as usual, users are advised to update their systems with this patch as soon as possible.
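The following PowerShell audit is an added example, not part of the original article or of Microsoft's advisory. It checks a file server for the precondition described above: SMB shares that broad groups can write to, plus any .scf files already stored in them. The account names in the pattern are assumptions for an English-language system, and the script should be run from an elevated session.

```powershell
# Added example: find SMB shares writable by broad principals and list the
# .scf files they contain. Run from an elevated PowerShell session.
# Assumption: English account names; adjust the pattern on localized systems.
$broadPattern = '^(Everyone|BUILTIN\\Guests|NT AUTHORITY\\ANONYMOUS LOGON|.+\\Guest)$'

function Get-OpenWritableShare {
    # Skip administrative shares (C$, ADMIN$, IPC$) and keep shares that have an
    # Allow entry granting Change or Full to one of the broad principals.
    # Share-level permissions only: NTFS ACLs on the folder may still restrict
    # writes, so treat each hit as a candidate to review, not a confirmed finding.
    foreach ($share in Get-SmbShare -Special $false) {
        $open = Get-SmbShareAccess -Name $share.Name | Where-Object {
            [string]$_.AccessControlType -eq 'Allow' -and
            [string]$_.AccessRight -in @('Change', 'Full') -and
            $_.AccountName -match $broadPattern
        }
        if ($open) {
            [pscustomobject]@{
                Share    = $share.Name
                Path     = $share.Path
                Accounts = ($open.AccountName | Sort-Object -Unique) -join ', '
            }
        }
    }
}

foreach ($s in Get-OpenWritableShare) {
    Write-Warning "Share '$($s.Share)' ($($s.Path)) is writable by: $($s.Accounts)"

    # List every .scf file under the share so an administrator can review
    # who placed it there and when.
    Get-ChildItem -LiteralPath $s.Path -Filter '*.scf' -File -Recurse -Force `
                  -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime,
            @{ Name = 'Owner'; Expression = { (Get-Acl -LiteralPath $_.FullName).Owner } }
}
```

Shares reported here are the ones to restrict to authenticated, named groups, whether or not the patch is available for that Windows version.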