• Home
  • Privacy Policy
  • Contact Us !

knowtive

  • Home
  • Home
  • Android
  • Gaming
  • Operating System
    • Windows
    • Apple
  • Inspiration
  • Business
  • Software
    • Web Design
  • News
    • Social Media
    • Latest Internet News
Home  »  Windows   »   Old Microsoft Account credentials vulnerability remains in Windows 10

Old Microsoft Account credentials vulnerability remains in Windows 10

Subhadip 4/08/2016 Comments off

As secure as Microsoft is touting Windows 10 to be, the remnants of older versions may still be putting new users at risk.

According to a research project highlighted by a ghacks.net reporter, there is a legacy bug that dates back all the way to Windows 95 that is putting Windows 8 and 10 users at risk when entering Microsoft Account credentials into some areas.

What happens is the following: Microsoft Edge, Internet Explorer, Outlook and other Microsoft products allow connections to local network shares. What the default settings don’t prevent on top of that is connections to remote shares.

An attacker could exploit this by creating a website or email with an embedded image or other content that is been loaded from a network share.

Microsoft products like Edge, Outlook or Internet Explorer, try to load the network share resource and send the active user’s Windows login credentials, username, and password to that network share.

The username is submitted in plaintext, the password as an NTLMv2 hash.

Perhaps the reason this vulnerability hadn’t been highlighted in versions older than Windows 8 and 10 is the fact that newer releases now encourage and use a Microsoft Account ID as the default sign in method. The move to a Microsoft Account login is unlike when users on Windows 7 and older would use the more standard local username and password when accessing Windows.

Ghacks.net does a deep dive into the issues that arise because of the vulnerability and also provide a link to a proof of concept web page intended to test a user’s underlying system for the vulnerability.

Note: Use and test the web page at your own discretion, WinBeta is not encouragingthe use of the proof concept web page.

 

[Source: Winbeta]

Tweet
Pin It

About Author

subhadip

Related Posts

  • Windows Downdate: Minimization Assaults Utilizing Windows Updates
  • Windows Desktop Specialist: Sample Resume and Required Skills
  • Delivering Windows 10 Form 19045.4713 to Beta and Delivery Review Channels
  • Add That Retro Linux Wobbly Window Animation to Windows 10
  • Subscribe to Blog via Email

  • Breaking News

    • How to treat your blog like a business and start actually making money!
      By admin
    • Creating a Cohesive Digital Marketing CampaignCreating a Cohesive Digital Marketing Campaign
      By admin
    • Make Their Every Moment Special and Colourful with Our Partywear Collection
      By admin
    • Getting the Hang of Using the Ladder of Inference
      By admin
    • AI startups can apply for our Google for Startups Cloud AI Accelerator now
      By admin
    • A reminder that blogging is not a business
      By admin
  • Treading News

    • Master Essential Web Design Tools While Earning Professional Accreditation
      By Loknath Das
    • The Web Design Trends Shaping E-Commerce in 2018
      By Loknath Das
    • Comics of the week #352
      By Subhadip
    • Top Web Design Trends To Look Forward To In Q4 2017
      By Loknath Das
    • Web design & graphics agency scoops national award for web development project of the year
      By Loknath Das
    • 9 brilliant website architecture sites to follow
      By admin
    • Increment commitment on Facebook posts
      By admin
    • Vivaldi 1.3 is a bold new vision for browsers
      By Catherine Garcia
    • 8 Urgent B2C Showcasing Standards to Assist Your Image With helping Deals
      By admin
    • Outsourcing Web Design – What You Need to Know
      By Loknath Das
    • A nostalgic journey through the evolution of web design
      By Loknath Das
    • Designing effective web surveys
      By Subhadip
  • Find Us

    Find Us
knowtive Copyright © 2025.
Theme by KnowTive