A critical vulnerability has been identified in all supported versions of Windows. It can allow an attacker who controls some portion of a victim's network traffic to steal users' credentials for valuable services. The bug is related to the way that Windows and other software handle some HTTP requests and, according to researchers, it affects a wide range of applications, including iTunes and Adobe Flash. The vulnerability, known as Redirect to SMB, was disclosed Monday. It can enable an attacker to force victims to try to authenticate to an attacker-controlled server. Redirect to SMB is a way for attackers to steal valuable user credentials by hijacking communications with legitimate web servers via man-in-the-middle attacks, then sending them to malicious SMB (Server Message Block) servers that force them to give up the victim's username, domain and hashed password. The Redirect to SMB flaw affects not only all current versions of Windows, but also Flash, some GitHub clients, some Oracle software and several security applications.
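For defenders, the redirect step described above can be looked for in web proxy logs. The following is an added example, not part of the original advisory: it assumes the redirect arrives as an HTTP 3xx response whose Location points at a `file://` URL or UNC path (a detail from the public disclosure, not stated on this page), and the log format, function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
UNC = re.compile(r'^\\\\([^\\/]+)[\\/]')  # \\host\share (backslash form only)

# Constructed sample lines, assumed format: client status request-url location
SAMPLE_LOG = [
    "10.0.0.5 302 http://updates.example.test/check file://192.0.2.10/share/a.png",
    "10.0.0.5 200 http://updates.example.test/check -",
    "10.0.0.7 301 http://www.example.test/ https://www.example.test/",
    r"10.0.0.9 302 http://cdn.example.test/logo.png \\files.example.test\pub\logo.png",
    "10.0.0.9 302 http://cdn.example.test/a //cdn2.example.test/a",
    "10.0.0.8 302 http://a.example.test/ file:///C:/local.txt",
]

def smb_target(status, location):
    """Return the remote host a redirect would send the client to over SMB, else None."""
    if status not in REDIRECT_CODES or not location:
        return None
    loc = location.strip()
    m = UNC.match(loc)
    if m:
        return m.group(1).lower()
    try:
        parts = urlsplit(loc)
    except ValueError:          # malformed Location header
        return None
    if parts.scheme.lower() not in ("file", "smb"):
        return None             # includes protocol-relative //host/path redirects
    host = parts.hostname or ""
    if not host and parts.path.startswith("//"):
        host = parts.path[2:].split("/")[0]   # file:////host/share form
    host = host.lower()
    return host if host and host != "localhost" else None  # file:///C:/... is local

def find_smb_redirects(lines):
    """Return (client, request_url, smb_host) for each redirect that leaves HTTP for SMB."""
    hits = []
    for line in lines:
        fields = line.split(" ", 3)
        if len(fields) != 4 or not fields[1].isdigit():
            continue
        client, status, url, location = fields
        host = smb_target(int(status), location)
        if host:
            hits.append((client, url, host))
    return hits

if __name__ == "__main__":
    for hit in find_smb_redirects(SAMPLE_LOG):
        print("HTTP redirect to SMB host:", hit)
```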
Top Tech News
The information provided herein is on an "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street