• Home
  • Privacy Policy
  • Contact Us !

knowtive

  • Home
  • Home
  • Android
  • Gaming
  • Operating System
    • Windows
    • Apple
  • Inspiration
  • Business
  • Software
    • Web Design
  • News
    • Social Media
    • Latest Internet News
Home  »  Windows   »   Old Microsoft Account credentials vulnerability remains in Windows 10

Old Microsoft Account credentials vulnerability remains in Windows 10

Subhadip 4/08/2016 Comments off

As secure as Microsoft is touting Windows 10 to be, the remnants of older versions may still be putting new users at risk.

According to a research project highlighted by a ghacks.net reporter, there is a legacy bug that dates back all the way to Windows 95 that is putting Windows 8 and 10 users at risk when entering Microsoft Account credentials into some areas.

What happens is the following: Microsoft Edge, Internet Explorer, Outlook and other Microsoft products allow connections to local network shares. What the default settings don’t prevent on top of that is connections to remote shares.

An attacker could exploit this by creating a website or email with an embedded image or other content that is been loaded from a network share.

Microsoft products like Edge, Outlook or Internet Explorer, try to load the network share resource and send the active user’s Windows login credentials, username, and password to that network share.

The username is submitted in plaintext, the password as an NTLMv2 hash.

Perhaps the reason this vulnerability hadn’t been highlighted in versions older than Windows 8 and 10 is the fact that newer releases now encourage and use a Microsoft Account ID as the default sign in method. The move to a Microsoft Account login is unlike when users on Windows 7 and older would use the more standard local username and password when accessing Windows.

Ghacks.net does a deep dive into the issues that arise because of the vulnerability and also provide a link to a proof of concept web page intended to test a user’s underlying system for the vulnerability.

Note: Use and test the web page at your own discretion, WinBeta is not encouragingthe use of the proof concept web page.

 

[Source: Winbeta]

Tweet
Pin It

About Author

subhadip

Related Posts

  • Add That Retro Linux Wobbly Window Animation to Windows 10
  • Slack patches vulnerability in Windows client that could be used to hijack files
  • Latest Microsoft Windows 10 update offers good news for Apple and Android
  • Personalized content at a glance: Introducing news and interests on the Windows 10 taskbar
  • Subscribe to Blog via Email

  • Breaking News

    • The Importance of Conducting a Product Market Fit Survey
      By admin
    • The Impact of Remote Patient Monitoring on Healthcare SystemsThe Impact of Remote Patient Monitoring on Healthcare Systems
      By admin
    • The Benefits of Having an Alcohol Permit
      By admin
    • Die-Cut Components for Plastic Molding
      By admin
    • Where to Dispose of Electronic Waste
      By admin
    • Disadvantages of Electronic Locks
      By admin
  • Treading News

    • Meet the man behind Comic Sans
      By Catherine Garcia
    • The latest in Web design? Retro web sites inspired by the ’90s
      By Catherine Garcia
    • Best web design software for Mac
      By Catherine Garcia
    • Web Design Agency Websites Depot to Host Google Partner Event
      By Catherine Garcia
    • Vivaldi 1.3 is a bold new vision for browsers
      By Catherine Garcia
    • Divi 2.7 introduces A/B testing for WordPress
      By Catherine Garcia
    • 11 MUST-FOLLOW WEB DESIGN BLOGS
      By Loknath Das
    • 19 of the Best Landing Page Design Examples You Need to See in 2021
      By Loknath Das
    • Use These Web Design Tricks to Grow Your Business Exponentially
      By Loknath Das
  • Find Us

    Find Us
knowtive Copyright © 2023.
Theme by KnowTive