Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>New SMB Flaw Affects All Versions of Windows

New SMB Flaw Affects All Versions of Windows


A critical vulnerability has been identified in all supported versions of Windows and this can allow an attacker who has control of some portion of a victim’s network traffic to steal users’ credentials for valuable services. The bug is related to the way that Windows and other software handles some HTTP requests, and as per researchers, it affects a wide range of applications, including iTunes and Adobe Flash. The vulnerability was disclosed Monday and it is known as Redirect to SMB. This weakness can enable an attacker to force victims to try to authenticate to an attacker-controlled server. Redirect to SMB is a way for attackers to steal valuable user credentials by hijacking communications with legitimate web servers via man-in-the-middle attacks, then sending them to malicious SMB (server message block) servers that force them to spit out the victim’s username, domain and hashed password. The Redirect to SMB flaw not only affects all of the current versions of Windows, but also Flash, some GitHub clients, some Oracle software and several security applications.
 
Read More:
 
Source:
Threat Post
 
Forbes
 
Top Tech News
 
Team Cymru
 
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis