You can be on Entrepreneur’s cover!

Windows Security Flaw Could Let Hackers Steal Login Info From Hundreds of Millions of PCs If a hacker can get a Windows user to click on a bad link in an email or on a website, it can essentially hijack communications and steal sensitive information.

By Reuters

entrepreneur daily

This story originally appeared on Reuters

insider.windows.com

Computer security researchers said they have uncovered a new variation on an old weakness in Microsoft Corp's Windows operating system that could theoretically allow hackers to steal login credentials from hundreds of millions of PCs.

The vulnerability, named 'Redirect to SMB' by security firm Cylance, is similar to one found in the late 1990s that took advantage of a weakness in Windows and Microsoft's Internet Explorer browser which made it possible for attackers to trick Windows into signing on to a server controlled by hackers.

According to Cylance, if a hacker can get a Windows user to click on a bad link in an email or on a website, it can essentially hijack communications and steal sensitive information once the user's computer has logged on to the controlled sever.

In the latest variation of the technique, Cylance said users could be hacked without even clicking on a link, if attackers intercept automated requests to log on to a remote server issued by applications running in the background of a typical Windows machine, for example to check for software updates.

The attack takes advantage of features in Windows Server Message Block, commonly known as SMB. The new variation, discovered by Cylance researcher Brian Wallace, has so far only been recreated in the laboratory and has not been seen on computers in the outside world.

Microsoft said the threat posed by the purported weakness was not as great as Cylance supposed.

"Several factors would need to converge for a 'man-in-the-middle' cyberattack to occur. Our guidance was updated in a Security Research and Defense blog in 2009, to help address potential threats of this nature," said Microsoft in an emailed statement. "There are also features in Windows, such as Extended Protection for Authentication, which enhances existing defenses for handling network connection credentials."

The CERT unit of the Software Engineering Institute at Carnegie Mellon University, a federally funded body which tracks computer bugs and internet security issues, issued a warning about the vulnerability on Monday.

It said it was unaware of a full solution to the problem, but suggested several ways of minimizing the vulnerability.

(Reporting by Bill Rigby; Editing by Marguerita Choy and Grant McCool)

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Growing a Business

To Achieve Sustainable Success, You Need to Stop Focusing on Disruption. Here's Why — and What You Must Focus on Instead.

Instead of zeroing in solely on disruptive innovation, embrace a pragmatic approach to innovation, recognizing and leveraging the potential within ongoing industry shifts.

Business News

Mark Zuckerberg Says This CEO Is the 'Taylor Swift' of Tech

Meta's CEO posed with Nvidia CEO Jensen Huang on Instagram Wednesday.

Real Estate

3 Emerging Trends Shaping the Future of Real Estate

These three innovations are reshaping the real estate industry — discover tips for effectively covering these trends.

Leadership

What We Have to Gain By Talking About Grief and Loss At Work

I lost my husband to cancer during Covid — here's how it changed how I lead at work.

Side Hustle

This Mom Started a Side Hustle After a 'Shocking' Realization in the Toy Aisle. Her Product Was in Macy's Within the Year — Seeing Nearly $350,000 in Sales.

Elenor Mak, now founder of Jilly Bing, didn't plan to start a business — but the search for a doll that looked like her daughter inspired her to do just that.

Fundraising

Avoid These 9 Pitch Deck Mistakes When Asking Others For Money

Crafting an efficient pitch deck requires serious effort, but at least it's not wandering in the dark since certain rules are shaped by decades of relationships between startups and investors.