Windows Flaw Reveals Microsoft Account Details And VPN Credentials

Friday, June 16th, 2017

Security experts have come across a severe security flaw in Windows 8 and 10 that can leak Microsoft account details as well as the VPN credentials the user browses the internet with. The vulnerability stems from the way newer versions of Windows handle old authentication procedures that have been part of Microsoft's operating systems ever since Windows 95.

The bug relies on the “WinNT/Win95 Automatic Authentication Vulnerability” (IE Bug #4) to carry out its attack. The surprising thing is that the vulnerability is not new; it was discovered in 1997 but was never fixed by the personal computing giant. The bug did not cause any problems in previous versions of Windows, but it has become dangerous in Windows 8 and 10 because of the way Microsoft changed the authentication procedure for the OS. Up to Windows 7, users logged in with local usernames and passwords, but starting with Windows 8, Microsoft accounts became the preferred method of authentication for Windows-based devices.

The vulnerability makes use of shared network resources to infect other devices. By exploiting the flaw, hackers can embed a link to a Server Message Block (SMB) resource and share it across multiple networks. These malicious links can be embedded inside image tags, and they are triggered when the mail or webpage is opened in Internet Explorer, Edge or Microsoft Outlook. Because of the way Windows handles authentication for network shares, the OS automatically sends the Microsoft Account credentials even when the request goes out over the internet.

Although the Microsoft Account password is leaked as an NTLM hash (and not as text), security experts proved long ago that such information can be cracked in no time. And since Microsoft Accounts are tied to most Microsoft products these days, including but not limited to Outlook, Bing, OneDrive, MSN, Xbox Live, Skype and Office, the leak of MS account credentials could prove catastrophic for the individual.

Along with MS Account details, attackers can also exploit the flaw to obtain users' VPN account details. Since the VPN connection is also used while loading the exploited SMB resource, Windows automatically passes the VPN account details while transferring the network packets. Thus, the flaw makes it easy for attackers to gain complete access to users' VPN accounts.

According to security experts, the best way to protect yourself from the flaw is to avoid using your Microsoft Account to log into your computer. In addition, Windows 8 and 10 users can block port 445 (which carries outgoing SMB connections) in their firewalls to remain safe from the vulnerability. Microsoft, for its part, must address the underlying issue, since it has not been fixed for almost two decades now. While Microsoft has fixed certain issues related to the vulnerability, the transmission of account details over SMB (even when the request goes out over the internet) is yet to be addressed.
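As an added illustration (not code from the original article), the Python example below shows how a mail gateway or web proxy could flag the embedded SMB links described above before the message or page reaches Internet Explorer, Edge or Outlook. The function names, the attribute list and the sample markup are assumptions made for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"src", "href", "background", "data", "poster"}  # fetch/follow attributes

def smb_host(value):
    """Return the remote host if value points at an SMB share, else None."""
    v = value.strip()
    if v.startswith("\\\\"):  # UNC path: \\host\share\file
        host = re.split(r"[\\/]", v[2:], maxsplit=1)[0]
        return host.lower() or None
    try:
        parts = urlsplit(v.replace("\\", "/"))
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return None
    if parts.scheme.lower() != "file":
        return None
    if parts.hostname and parts.hostname != "localhost":
        return parts.hostname  # file://host/share/file
    if parts.path.startswith("//"):  # file:////host/share/file
        return parts.path[2:].split("/", 1)[0].lower() or None
    return None  # file:///C:/... is a local path, not a share

class SmbRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            host = smb_host(value) if name in URL_ATTRS and value else None
            if host:
                self.findings.append((tag, name, host))

def find_smb_references(html):
    finder = SmbRefFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample message body; hosts use documentation-only ranges.
SAMPLE = r'''<img src="https://cdn.example.test/logo.png">
<img src="\\192.0.2.10\share\pixel.png" width="1" height="1">
<a href="file://FILES.example.test/docs/readme.txt">readme</a>
<img src="file:///C:/Users/a/local.png">
<body background="file:////198.51.100.7/s/bg.gif">'''

if __name__ == "__main__":
    for tag, attr, host in find_smb_references(SAMPLE):
        print(f"<{tag} {attr}=...> references SMB host {host}")
```

Ordinary `https://` images and local `file:///C:/...` paths are not reported; only references that would make Windows contact a remote share are.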

If you want to test your Windows 8 or 10 computer for the vulnerability, you can do it by visiting the following webpage:
