YIBADA

Cylance Discovers New Windows Security Flaw Allowing Hackers To Steal Username, Password

Apr 14, 2015 04:40 AM EDT

Security firm Cylance reported a new security loophole in the Windows platform that could allow hackers to steal usernames and passwords.

According to Cylance, if left unpatched, the loophole can be exploited by hackers to cause serious security issues. Cylance added that Microsoft was already informed of the problem but has not taken any step to develop a fix.

The flaw, known as Redirect to SMB, can be exploited through a man-in-the-middle attack. Cylance said that companies whose computer systems rely on the Windows platform can be infiltrated.

The main attack point of the new flaw is SMB, or Server Message Block. SMB is a protocol that many companies use to share files from their servers across the entire company network.

At least 31 computer programs and several companies were also discovered to be vulnerable to this security flaw. Among those mentioned were Internet Explorer, Microsoft Excel 2010, Apple QuickTime, Adobe Reader and Norton Security Scan.

Microsoft, for its part, has acknowledged the existence of the SMB flaw. The company said that appropriate security steps have been rolled out to its users since 2009. The company added that Cylance is exaggerating the situation.

A Microsoft spokesperson said, "We don't agree with Cylance's claims of a new attack type. Several factors would need to come together for this type of cyberattack to work, such as success in luring a person to enter information into a fake website."

According to CNET, all personal computers running Windows 8.1 or earlier are prone to this new unpatched security flaw. The flaw has some similarity to a Windows bug discovered in 1997 by Aaron Spangler, which allowed the system to automatically give out usernames and passwords to a fake server.
