• Home
  • Privacy Policy
  • Contact Us !

knowtive

  • Home
  • Home
  • Android
  • Gaming
  • Operating System
    • Windows
    • Apple
  • Inspiration
  • Business
  • Software
    • Web Design
  • News
    • Social Media
    • Latest Internet News
Home  »  Windows   »   Old Microsoft Account credentials vulnerability remains in Windows 10

Old Microsoft Account credentials vulnerability remains in Windows 10

Subhadip 4/08/2016 Comments off

As secure as Microsoft is touting Windows 10 to be, the remnants of older versions may still be putting new users at risk.

According to a research project highlighted by a ghacks.net reporter, there is a legacy bug that dates back all the way to Windows 95 that is putting Windows 8 and 10 users at risk when entering Microsoft Account credentials into some areas.

What happens is the following: Microsoft Edge, Internet Explorer, Outlook and other Microsoft products allow connections to local network shares. What the default settings don’t prevent on top of that is connections to remote shares.

An attacker could exploit this by creating a website or email with an embedded image or other content that is been loaded from a network share.

Microsoft products like Edge, Outlook or Internet Explorer, try to load the network share resource and send the active user’s Windows login credentials, username, and password to that network share.

The username is submitted in plaintext, the password as an NTLMv2 hash.

Perhaps the reason this vulnerability hadn’t been highlighted in versions older than Windows 8 and 10 is the fact that newer releases now encourage and use a Microsoft Account ID as the default sign in method. The move to a Microsoft Account login is unlike when users on Windows 7 and older would use the more standard local username and password when accessing Windows.

Ghacks.net does a deep dive into the issues that arise because of the vulnerability and also provide a link to a proof of concept web page intended to test a user’s underlying system for the vulnerability.

Note: Use and test the web page at your own discretion, WinBeta is not encouragingthe use of the proof concept web page.

 

[Source: Winbeta]

Tweet
Pin It

About Author

subhadip

Related Posts

  • Windows Downdate: Minimization Assaults Utilizing Windows Updates
  • Windows Desktop Specialist: Sample Resume and Required Skills
  • Delivering Windows 10 Form 19045.4713 to Beta and Delivery Review Channels
  • Add That Retro Linux Wobbly Window Animation to Windows 10
  • Subscribe to Blog via Email

  • Breaking News

    • Ten Proven Benefits of Blogging for Business Success Over the Long Run
      By admin
    • Key Phases in Achieving a Smooth CMMC Certification Assessment for CMMC DoD ContractorsKey Phases in Achieving a Smooth CMMC Certification Assessment for CMMC DoD Contractors
      By admin
    • How Metacore Scaled Merge Mansion With a Stellar Live Event Strategy
      By admin
    • How to treat your blog like a business and start actually making money!
      By admin
    • Creating a Cohesive Digital Marketing CampaignCreating a Cohesive Digital Marketing Campaign
      By admin
    • Make Their Every Moment Special and Colourful with Our Partywear Collection
      By admin
  • Treading News

    • Meet the man behind Comic Sans
      By Catherine Garcia
    • 11 MUST-FOLLOW WEB DESIGN BLOGS
      By Loknath Das
    • Web Design Agency Websites Depot to Host Google Partner Event
      By Catherine Garcia
    • The all new Twitter experience, handcrafted for Windows 10
      By Subhadip
    • Master Essential Web Design Tools While Earning Professional Accreditation
      By Loknath Das
    • Use These Web Design Tricks to Grow Your Business Exponentially
      By Loknath Das
    • What is website composition? A complete aide
      By admin
    • Comics of the week #372
      By Subhadip
    • Increment commitment on Facebook posts
      By admin
    • This Amazing Website Helps You Detect if The Latest Viral Photo Was Faked
      By Loknath Das
    • Designing effective web surveys
      By Subhadip
    • Introducing Google Tag Manager for Real World Tags
      By Subhadip
  • Find Us

    Find Us
knowtive Copyright © 2025.
Theme by KnowTive