Security Outfit Uncovers New Technique for Stealing Login Info from Windows PCs

  • Security Outfit Uncovers New Technique for Stealing Login Info from Windows PCs

    'Redirect to SMB' affects all versions of Windows, including Windows 10

    While in the process of hunting for ways to abuse a chat client feature that provides image previews, security researchers at Cylance say they stumbled upon a new technique that hackers could use to pluck sensitive login credentials from any Windows PC, tablet, or server, even ones running previews of Windows 10. Even worse, software from over 30 companies like Adobe, Apple, Box, and others can be exploited with the vulnerability.
    Dubbed "Redirect to SMB," the vulnerability allows attackers to steal user credentials by hijacking communications with legitimate web servers by way of man-in-the-middle attacks. Users are then redirected to malicious SMB servers that extract the victim's username, domain, and hashed password.
    While the technique is somewhat new, it takes advantage of an old flaw in Windows that was first discovered in 1997. Back then, Aaron Spangler found that supplying URLs beginning with the word "file" to Internet Explorer (like file://1.1.1.1/) would cause the OS to try to authenticate with an SMB server at the IP address 1.1.1.1.
    User credentials sent over SMB are typically encrypted, though Cylance claims it would only take about $3,000 worth of GPUs for an attacker to crack any eight-character password consisting of letters and numbers in less than half a day.
    Much ado about little? Microsoft told Reuters in an emailed statement that "several factors would need to converge for a 'man-in-the-middle' cyberattack to occur." Furthermore, the company pointed out that Windows has built-in features like Extended Protection for Authentication that add protection against this sort of thing.
    Follow Paul on Google+, Twitter, and Facebook


    ClanofIdiots.com Administrator
    PcGamingNetworks.com Co-owner
    webmaster@clanofidiots.com
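
As an added example (not part of the original post or of Cylance's research), here is one way a defender could flag the redirect described above in captured HTTP responses. It assumes the redirect arrives as an HTTP 3xx response whose Location header uses the file:// scheme; the function names and sample responses are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def parse_head(raw):
    """Split a raw HTTP response head into (status_code, headers)."""
    lines = raw.replace("\r\n", "\n").split("\n")
    m = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", lines[0])
    if not m:
        return None, {}
    headers = {}
    for line in lines[1:]:
        if not line.strip():          # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(m.group(1)), headers

def smb_redirect_target(raw):
    """Return the remote host a 3xx response sends the client to over
    file://, or None if the response is not such a redirect."""
    status, headers = parse_head(raw)
    if status not in REDIRECT_CODES:
        return None
    # Windows accepts backslashes in file URLs, so normalise them first.
    parts = urlsplit(headers.get("location", "").replace("\\", "/"))
    if parts.scheme != "file" or not parts.hostname:
        return None                   # file:///C:/... has no remote host
    return parts.hostname

# Constructed sample responses (192.0.2.10 is a documentation address).
SAMPLES = [
    "HTTP/1.1 302 Found\r\nLocation: file://192.0.2.10/share/a.jpg\r\n\r\n",
    "HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.com/\r\n\r\n",
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<a href='file://192.0.2.10/x'>",
    "HTTP/1.1 302 Found\r\nlocation: FILE:\\\\192.0.2.10\\share\r\n\r\n",
]

def scan(responses):
    """Return (index, host) for every response that redirects to file://."""
    hits = [(i, smb_redirect_target(r)) for i, r in enumerate(responses)]
    return [(i, host) for i, host in hits if host]

if __name__ == "__main__":
    for i, host in scan(SAMPLES):
        print(f"response {i}: redirect to SMB host {host}")
```

Only the status line and headers are inspected, so a file:// link inside a page body (the third sample) is not reported as a redirect.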