Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Remains Vulnerable To Serious 18-Year-Old SMB Security Flaw

Posted by samzenpus on from the protect-ya-neck dept.

Mark Wilson writes A serious security hole leaves millions of Windows users open to attack, making it possible to extract encrypted credentials from a target machine. Researchers at Cylance say the problem affects "any Windows PC, tablet or server" (including Windows 10) and is a slight progression of the Redirect to SMB attack discovered by Aaron Spangler way back in 1997. Redirect to SMB is essentially a man-in-the-middle attack which involves taking control of a network connection. As the name suggests, victims are then redirected to a malicious SMB server which can extract usernames, domains and passwords. Cylance also reports that software from companies such as Adobe, Oracle and Symantec — including security and antivirus tools — are affected.

2 of 171 comments (clear)

  1. Many eyes... by Imagix · · Score: 0, Troll

    But... this is software that people were _paid_ to write. That means that these sorts of security holes can't happen! Not that open source thing of "many eyes makes all bugs shallow", they have the _right_ people reading the code thus these things can't happen. Right? Right?! (And if your sarcasm detector isn't going off the scale, you really need a new sarcasm detector....)

  2. Windows File-Sharing by Etherwalk · · Score: 1, Troll

    Windows file-sharing on home machines has pretty much always been terrible. It's like a bunch of monkeys put it together. I am guessing they tasked one or two guys to add it to home machines when the bulk of a group was working on corporate file sharing (which is at least a bit more reliable), and the result was just a really bad design and code that has been sitting around the kernel forever. Getting two machines to talk to each other over an Ethernet cable has always been much harder than in linux. (I was going to say and less secure, but I remember the telnet and ftp days...)