National Cyber Security Center warns of vulnerability.
NorCERT (National Cyber Security Center) warns today about vulnerabilities that includes Windows 8 and later.
Windows vulnerability
NSM (National Security Agency) writes in a notice on their website that the vulnerability was discovered in 1997 and is still present in all Windows systems since Windows 95 / NT. This only results in later versions.
“This vulnerability is a flaw where Edge / Internet Explorer / Outlook are allowed to connect to external file directories (SMEs). An attacker could exploit this vulnerability by sending a link to the external file directory, and if the link is visited the login details associated user’s live account will be sent in plain front, “writes NSM.
Warns to use
previously only been possible to retrieve login details for a local user, but because newer versions of Windows uses MSA accounts (Microsoft account) as the default login, these details also retrieved.
Microsoft accounts use partly to log onto the following services:
- OneDrive.
- Outlook.
- Office, Bing.
- Xbox Live
- MSN
- Skype.
NorCERT recommends three harm reduction:
- Do not use the Microsoft software that accesses the network sites over the internet (such as internet Explorer, Edge and Outlook).
- utilizing a strong password for login which will be harder to crack.
- Do not use Microsoft Live account login on your local Windows machine.
Source
NSM
No comments:
Post a Comment