First vulnerability in Windows 10 and the Microsoft Edge browser. It also affects other programs. (News item in English.) Vulnerability in the Microsoft Server Message Block (SMB)
First Vulnerability Found in Microsoft Edge, Affects Other Software as Well
Internet Explorer, Windows Media Player, Excel, QuickTime, AVG, BitDefender, and Comodo Antivirus also vulnerable
At the Black Hat USA 2015 conference in Las Vegas, a team of security
experts led by Jonathan Brossard presented a vulnerability in the
Microsoft Server Message Block (SMB) protocol used for sharing files in
local networks.
The vulnerability affects all versions of Windows,
including the newer Windows 10, and can be exploited via the Internet,
something researchers had thought impossible.
SMB is a 21-year-old protocol created by IBM, which
allows for sharing files and printers inside a network. Since its
creation, it has evolved and reached version 3.0, which now ships with
most Windows OS instances.
The protocol is used most often in enterprise
networks, working together with the NTLMv2 authentication algorithm,
which allows users to quickly authenticate themselves on Windows
servers.
A faulty DLL is at the core of the problem
The vulnerability discovered by Mr. Brossard's team
allows hackers to extract user credentials from a closed Windows domain
using an attack technique called SMB relay (a basic man-in-the-middle
for SMB data).
This technique usually worked only in LANs, but
because most enterprise networks have now expanded to include cloud
infrastructures, an SMB relay can now be performed over Internet-facing
connections as well.
The credentials leak happens when a user is trying
to read an email, access a Web page using their browser or do anything
that implies opening a URL.
This opens a specific DLL file put into place to
protect against SMB relay attacks, but its content and subsequent
settings are ignored, as the security experts have found out.
This allows an attacker to perform an SMB relay
attack, get the user's credentials, crack the password hash, and then
use them to steal information from the network by posing as a regular
user.
This is the first vulnerability ever reported to affect the Edge browser
As Mr. Brossard notes, all IE versions are
vulnerable, including Microsoft's latest Edge browser, making this "the
first attack against Windows 10 and its web browser Spartan."
Additionally, other vulnerable applications include
Windows Media Player, Adobe Reader, Apple QuickTime, Excel 2010,
Symantec's Norton Security Scan, AVG Free, BitDefender Free, Comodo
Antivirus, IntelliJ IDEA, Box Sync, GitHub for Windows, TeamViewer, and
many others.
The research paper was written before the Windows 10 launch, and obviously before Spartan was renamed to Edge.
The research also includes different mitigation
techniques, but according to Mr. Brossard, the most efficient one would
be to set up custom PC-level Windows Firewall settings, preventing SMB
data from leaking online via specific ports, where an SMB relay can be
carried out.
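A sketch of the PC-level firewall mitigation described above, added here as an example and not taken from the research paper or from Microsoft. It assumes internal file servers sit in private (RFC 1918) address space and uses the standard SMB ports TCP 445 and 139, which the article does not list; the rule name is a placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example: block outbound SMB from this PC to any public IPv4 address,
# so a URL that points at an Internet host cannot trigger SMB authentication to it.

# Standard SMB ports (assumption, not listed in the article):
# 445 = SMB over TCP, 139 = SMB over NetBIOS session service.
$smbPorts = 445, 139

# Public IPv4 space, written as the complement of 10/8, 127/8, 169.254/16,
# 172.16/12 and 192.168/16. Block rules take precedence over allow rules in
# Windows Firewall, so the internal ranges must be left out of the block rule
# instead of being "allowed back in" by a second rule.
$publicRanges = @(
    '0.0.0.0-9.255.255.255',
    '11.0.0.0-126.255.255.255',
    '128.0.0.0-169.253.255.255',
    '169.255.0.0-172.15.255.255',
    '172.32.0.0-192.167.255.255',
    '192.169.0.0-255.255.255.255'
)

$ruleName = 'Block outbound SMB to Internet (example)'   # placeholder name

# Remove any earlier copy so the script can be re-run safely.
Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

New-NetFirewallRule -DisplayName $ruleName `
    -Direction Outbound -Action Block -Protocol TCP `
    -RemotePort $smbPorts -RemoteAddress $publicRanges `
    -Profile Any | Out-Null

# Show what was installed so the ports and address ranges can be reviewed.
$rule = Get-NetFirewallRule -DisplayName $ruleName
$rule | Get-NetFirewallPortFilter    | Format-List Protocol, RemotePort
$rule | Get-NetFirewallAddressFilter | Format-List RemoteAddress
```

The rule covers IPv4 only; hosts with IPv6 Internet connectivity need an equivalent rule for global IPv6 addresses, and internal servers on public address space must be carved out of the ranges.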
"Since virtually any Windows machine part of a
corporate network uses IE as a default web browser and is typically part
of an Active Directory network, the magnitude of this vulnerability is
unprecedented," says Mr. Brossard.
_______________________________________________________________________
Taken from: http://news.softpedia.com/news/first-vulnerability-found-in-microsoft-edge-affects-other-software-as-well-488913.shtml
The author's copyright is respected.