New hacking technique can help attackers get login credentials and personal information from Windows PCs or servers

  • Team Omega
  • April 23, 2015

Reuters reports that, ‘there is a new variation on an old weakness in Microsoft Corp’s Windows operating system that could theoretically allow hackers to steal login credentials from hundreds of millions of PCs has been exposed.’

According to the security firm Cylance, if a hacker can get a Windows user to click on a bad link in an email or on a website, it can essentially hijack communications and steal sensitive information once the user’s computer has logged on to the controlled sever.

Microsoft, however, rebutted on this vulnerability and said, “Several factors would need to converge for a ‘man-in-the-middle’ cyber attack to occur. Our guidance was updated in a Security Research and Defense blog in 2009, to help address potential threats of this nature,” said Microsoft in a statement emailed to Reuters. “There are also features in Windows, such as Extended Protection for Authentication, which enhances existing defenses for handling network connection credentials,” Microsoft added.

If the vulnerability is as serious as Cylance claims, it could endanger millions of Windows-based devices and popular software such as Adobe Reader, Apple QuickTime, Microsoft’s Internet Explorer and Excel, as well as Symantec’s Norton Security Scan.

There are no complete solutions to the problem but the Software Engineering Institute at Carnegie Mellon University shared several ways of minimizing the vulnerability.

For details, go to the Cylance blog post, CRET vulnerability note and the Reuters report.

Talk to Omega if you need assistance with your network security. Phone 636-557-7777. Or reach out to us through the online contact form.