As secure as Microsoft is touting Windows 10 to be, the remnants of older versions may still be putting new users at risk.
According to a research project highlighted by a ghacks.net reporter, there is a legacy bug that dates back all the way to Windows 95 that is putting Windows 8 and 10 users at risk when entering Microsoft Account credentials into some areas.
What happens is the following: Microsoft Edge, Internet Explorer, Outlook and other Microsoft products allow connections to local network shares. What the default settings don’t prevent on top of that is connections to remote shares.
An attacker could exploit this by creating a website or email with an embedded image or other content that is been loaded from a network share.
Microsoft products like Edge, Outlook or Internet Explorer, try to load the network share resource and send the active user’s Windows login credentials, username, and password to that network share.
The username is submitted in plaintext, the password as an NTLMv2 hash.
Perhaps the reason this vulnerability hadn’t been highlighted in versions older than Windows 8 and 10 is the fact that newer releases now encourage and use a Microsoft Account ID as the default sign in method. The move to a Microsoft Account login is unlike when users on Windows 7 and older would use the more standard local username and password when accessing Windows.
Ghacks.net does a deep dive into the issues that arise because of the vulnerability and also provide a link to a proof of concept web page intended to test a user’s underlying system for the vulnerability.
Note: Use and test the web page at your own discretion, WinBeta is not encouragingthe use of the proof concept web page.