Critical Security Vulnerability Affects All Windows Versions Including Windows 10

Rafia Shaikh
Posted Apr 14, 2015

A serious vulnerability in Windows has been discovered that could enable hackers to steal users’ data from computers, servers, and other gadgets powered by the Windows operating system. This serious flaw is present in the upcoming Windows 10 as well and was first discovered in 1997.

Windows security bug ‘Redirect to SMB’:

Security researchers have unearthed a critical vulnerability in the Windows operating system which could let anyone steal sensitive data from any Windows PC, tablet or server. The security report indicates that at least 31 companies can be exploited using this vulnerability, including:

  • Apple
  • Adobe
  • Bitdefender
  • Microsoft
  • Oracle
  • Symantec
  • TeamViewer

This critical Windows security flaw has been dubbed Redirect to SMB, and it is said to be a variant of a vulnerability discovered back in 1997 by researcher Aaron Spangler. Spangler had discovered that the bug exposes a user’s Windows username and password automatically. The vulnerability is reported to be used in targeted attacks by those having at least some control over a victim’s network. However, Microsoft didn’t patch the critical Windows bug after Spangler’s discovery and even now is downplaying the latest research on the Redirect to SMB bug.

“We do not agree with Cylance’s claims of a new attack type. Cybercriminals continue to be engaged in a number of nefarious tactics. However, several factors would need to come together for this type of cyber attack to work, such as success in luring a person to enter information into a fake website. We encourage people to avoid opening links in emails from senders that they do not recognize or visiting unsecure sites.”

But you don’t need to wait for Microsoft on this; you can take your security into your own hands. Here are some suggestions derived from the research done by the Cylance team:

  • Block outbound traffic from TCP 139 and TCP 335
  • Always keep your software applications up to date
  • And most importantly, create strong passwords

Now that we are done with what Microsoft is saying and how you can keep yourself protected against Redirect to SMB hacking attempts, here are some technical details of the flaw as researched by Cylance for those interested.

Attackers use Redirect to SMB to hijack communications with web servers via man-in-the-middle attacks. They then send the communications to malicious SMB (Server Message Block) servers, where a user who has no idea that s/he has been through a MITM attack enters the username and hashed password, giving up the credentials to the hackers.
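
A defender-side check for the redirect described above, as an added example that is not from the original article or from Cylance: it scans captured HTTP response heads for 3xx redirects whose Location header points at a remote file share. It assumes the redirect arrives as a file:// URL or UNC path in the Location header; the sample responses, host names and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: raw HTTP response heads as a proxy or IDS might capture them.
SAMPLES = [
    b"HTTP/1.1 302 Found\r\nLocation: https://example.com/login\r\n\r\n",
    b"HTTP/1.1 302 Found\r\nLocation: file://fileserver.example/share/logo.png\r\n\r\n",
    b"HTTP/1.1 301 Moved Permanently\r\nlocation:  \\\\fileserver.example\\share\\x\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<a href='file://x/y'>",
    b"HTTP/1.1 307 Temporary Redirect\r\nLocation: FILE:////fileserver.example/share\r\n\r\n",
    b"HTTP/1.1 302 Found\r\nLocation: file:///C:/Users/Public/readme.txt\r\n\r\n",
]

def redirect_location(raw: bytes):
    """Return the Location value of a 3xx response, else None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status_line, *header_lines = head.split("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit() or not 300 <= int(parts[1]) < 400:
        return None
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":   # header names are case-insensitive
            return value.strip()
    return None

def smb_redirect_host(raw: bytes):
    """Return the remote host the redirect points an SMB client at, else None."""
    loc = redirect_location(raw)
    if not loc:
        return None
    if loc.startswith("\\\\"):                # UNC path: \\host\share
        return loc.lstrip("\\").split("\\", 1)[0].lower() or None
    url = urlsplit(loc.replace("\\", "/"))    # urlsplit lowercases the scheme
    if url.scheme != "file":
        return None
    if url.netloc:                            # file://host/share
        host = url.hostname or ""
    elif url.path.startswith("//"):           # file:////host/share
        host = url.path.lstrip("/").split("/", 1)[0]
    else:                                     # file:///C:/x is a local path, no remote host
        return None
    return None if host.lower() in ("", "localhost") else host.lower()

def flagged(responses):
    """Return (index, host) for each response that redirects to a remote share."""
    hits = ((i, smb_redirect_host(r)) for i, r in enumerate(responses))
    return [(i, h) for i, h in hits if h]

if __name__ == "__main__":
    print(flagged(SAMPLES))
```

Scheme-relative redirects such as `//cdn.example/x` are deliberately not flagged, since only a leading double backslash is treated as a UNC path.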

For more details about the vulnerability and research, go to the Cylance website and download their technical research paper.
