Brian Wallace, senior researcher at Cylance, spotted an 18 year-old security flaw which had quietly plagued Windows for ages. It appears that the security flaw allowed hackers to steal usernames as well as passwords from a plethora of Windows operated systems. Termed ‘Redirect to SMB’, this vulnerability would redirect users to a malicious server where their credentials would be compromised.
In essence, hackers can inflict a man in the middle attack upon which they can break a user’s password. Cylance SPEAR research team has its own term for this: ‘forever day’ vulnerability. This is a reference to its continuity since its initial discovery in 1997 by researcher Aaron Spangler. Spangler noticed a security flaw in Internet Explorer which allowed hackers the same luxury using a protocol, Windows Server Message Block (SMB).
Redirect to SMB’ flaw affect at least 31 mainstream applications on Windows
The flaw Spangler discovered back in 1997 may be restricted to Internet Explorer but the more recently spotted ‘Redirect to SMB’ flaw affects a wide variety of apps on various iterations on Windows. Some of at least 31 affectees include: iTunes, Adobe Reader, Norton Security Scan and Box. Wallace explains that if one were to use free, unsecured wifi on a Windows laptop in a coffee shop, a hacker in the vicinity could steal that user’s credentials for plenty of vulnerable apps in use at that point.
Wallace was vocal about his excitement at discovering the issue with the chat messenger. However, this changed to fear in no time as he learned how far reaching the effects of Redirect to SMB were. As a result, the team disclosed this information to Carnegie Mellon University CERT. Carnegie Mellon then commenced work on patching the vulnerable apps. Wallace is hopeful that the security community will come together in order to sort this out soon.
Following in the footsteps of Wallace, here’s full disclosure of all 31 affected apps: Apple Quicktime, Adobe Reader, Internet Explorer, Apple Software Update, Excel 2010, Windows Media Player, AVG Free, Norton Security Scan, Comodo Antivirus, BitDefender Free, Maltego CE, .NET Reflector, TeamViewer, Box Sync, PyCharm, Github, JDK 8u31’s installer, PHP Storm and IntelliJ IDEA.