Posted on 04/13/2015 6:45:42 PM PDT by Utilizer
Security researchers at Cylance have discovered a serious vulnerability in all supported versions of Windows that can allow a potential hacker who has control of some portion of a victim's network traffic to steal users' credentials for valuable services.
Cylance researchers disclosed the vulnerability today on their website, in which they said that their study is an extension of similar research done by Aaron Spangler in 1997.
(Excerpt) Read more at techworm.net ...
Seems to be a modification of a previous flaw, but it potentially affects a great number of machines, so it might bear looking at.
Secondary reference article (similar info):
Software made for advertisers to stream crapola into and NSA to stream data out of computers found easy to hack
From iTnews:
“In the latest variation of the technique, Cylance said users could be hacked without even clicking on a link, if attackers intercept automated requests to log on to a remote server issued by applications running in the background of a typical Windows machine, for example to check for software updates.
“The attack takes advantage of features in Windows Server Message Block, commonly known as SMB. The new variation, discovered by Cylance researcher Brian Wallace, has so far only been recreated in a lab and has not been seen on computers in the outside world.
“Cylance said the flaw affected all versions of Windows - including the yet-to-be-released Windows 10 operating system - as well as software from at least 31 companies including Adobe, Apple, Box, Microsoft, Oracle and Symantec.”
Grist for your Ping list,
Forgot to post entire title. Full:
“New Redirect to SMB Flaw in all Windows versions including Windows 10 allows hackers to steal login credentials”.
Reason №46 why I don’t use SMB/Samba/NT folder sharing.
I’m sure you can get away with that in a home network, but it’s not really an option in a large enterprise.
It’s not an option here either. I have found that I MUST run Samba and the NT services to share any ‘doze drives or partitions with the various flavours of OS I run here, and this particular one is not working too well at that.
Keeps insisting on a User Login and Password, but while it will accept the users I do have it simply seems to choke at the password and keep on demanding the identical information no matter what I do.
Bloody annoying.
Grateful hat tip to Swordmaker for the heads-up!
SMB has historically been the source of many security holes.
Ahhh, I love the smell of an SMB security thread in the middle of the night.
Actually, I thought that title rightfully belonged to Java - and Flash, of course, and the various browsers that were critically dependent upon it/them.
However you could be right. :)
Some flaws are worse than others. When it comes down to it, the only truly secure computer is a standalone computer... Otherwise it takes lots of network-slowing processes and eternal vigilance to protect and defend any network/computer.
Sorry to burst your bubble, Util, but this affects Apple as well.
The problem is already rectified in newer browsers such as Firefox and Chrome since any direct-to-SMB call is going to be followed up with a request for credentials since kernel mode access to the user hive is unique to IE.
Also remember that SMB is not unique to Windows insomuch as any other platform can use some variant of SMB (i.e. Samba). This is also not so much a vulnerability as a flaw. If you can scrub your egress points with a proxy or firewall to prevent outbound file:// calls, you're relatively safe. If, however, the attacker is inside your network and sets up something on a local webserver that can sniff the inbound authentication traps from users attempting to access the compromised machine, then you're screwed anyway; first by the fact you have a rogue internal operator and then by the fact your websites have been compromised.
My guess on Microsoft's fix: do not address direct-to-SMB calls through a browser call. Note that this does NOT affect UNC pathing or access via mapped drive.
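An added illustration of the egress-scrubbing idea in the post above (example code written for this page, not from the poster, Cylance or Microsoft): it runs two defender-side checks over constructed proxy and firewall log lines, flagging HTTP redirects whose Location is a file:// URL or UNC path, and SMB-port flows leaving RFC 1918 space. The log formats, hostnames and addresses are assumptions.

```python
import re
import ipaddress

# Constructed sample records (not from the thread). The proxy format is assumed:
# client, method, URL, status, then the Location header the server returned.
PROXY_LOG = [
    '10.1.2.15 GET http://updates.vendor.test/check 302 location="file://203.0.113.7/share/x"',
    '10.1.2.15 GET http://updates.vendor.test/check 302 location="http://cdn.vendor.test/v2/check"',
    '10.1.2.33 GET http://intranet.test/doc 301 location="\\\\203.0.113.7\\share\\doc.docx"',
]
# Assumed firewall egress format: action, proto, src:port -> dst:port.
FIREWALL_LOG = [
    'ALLOW TCP 10.1.2.15:49213 -> 203.0.113.7:445',
    'ALLOW TCP 10.1.2.33:49310 -> 10.1.5.20:445',
    'ALLOW TCP 10.1.2.40:49400 -> 198.51.100.9:139',
    'ALLOW TCP 10.1.2.40:49401 -> 198.51.100.9:443',
]

SMB_PORTS = {139, 445}
# "Internal" here is assumed to mean RFC 1918 space; adjust to the real address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOCATION_RE = re.compile(r'location="([^"]*)"')
FLOW_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+):(\d+)")


def smb_redirects(lines):
    """(client, target) for responses whose Location is a file:// URL or a UNC (\\\\host) path."""
    hits = []
    for line in lines:
        m = LOCATION_RE.search(line)
        if not m:
            continue
        target = m.group(1)
        # Either form makes a Windows client open an SMB session to the named host.
        if target.lower().startswith("file://") or target.startswith("\\\\"):
            hits.append((line.split()[0], target))
    return hits


def external_smb_egress(lines):
    """(src, dst, port) for SMB-port flows whose destination lies outside internal space."""
    hits = []
    for line in lines:
        m = FLOW_RE.search(line)
        if not m:
            continue
        src, dst, port = m.group(1), m.group(2), int(m.group(3))
        if port in SMB_PORTS and not any(ipaddress.ip_address(dst) in n for n in INTERNAL_NETS):
            hits.append((src, dst, port))
    return hits
```

Internal file-server traffic (the 10.1.5.20 flow) is deliberately left alone, since the point is to catch credentials heading off-network, not to break legitimate shares.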
Java and Flash, the bane of my existence. I no sooner get my domain updated with the latest Flash and Java and a new version has to be deployed.
Yeah, no real way around it. We ran into a funny issue where our Macs that were running Yosemite had glitchy issues connecting to a Samba 3 share on our SAN. Mavericks didn’t have the issue.
The fact that SMB has been broken pretty much since its introduction does not, in any way, let Java and Flash off the hook for their awful record. :-)