Microsoft won’t fix Windows flaw that lets hackers steal your username and password

The flaw, which allows a malicious website to extract user passwords, is made worse if a user is logged in with a Microsoft account.

A previously disclosed flaw in Windows can allow an attacker to steal usernames and passwords of any signed-in user — simply by tricking a user into visiting a malicious website.

But now a new proof-of-exploit shows just how easy it is to steal someone’s credentials.

The flaw is widely known, and it’s said to be almost 20 years old. It was allegedly found in 1997 by Aaron Spangler and was most recently resurfaced by researchers in 2015 at Black Hat, an annual security and hacking conference in Las Vegas.

The flaw wasn’t considered a major issue until Windows 8 began allowing users to sign into their Microsoft accounts — which links their Xbox, Hotmail and Outlook, Office, and Skype accounts, among others.

Overnight, the attack got larger in scope, and now it allows an attacker to conduct a full takeover of a Microsoft account.

Source: Zdnet

Subscribe to our newsletter

To be updated with all the latest news

Maya Kamath
Maya Kamathhttps://www.techworm.net/
Content writer with unending love to pen down my thoughts and views regarding the new technological inventions as well as probe into the current affairs. Feel as if i am free bird who can actually live life at my pace.

1 COMMENT

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Subscribe to our newsletter

To be updated with all the latest news

Read More

Suggested Post