Seems to be a modification of a previous flaw but it potentially affects a great number of machines so it might bear looking at.
Secondary reference article (similar info):
Software made for advertisers to stream crapola into and NSA to stream data out of computers found easy to hack
From iTnews:
“In the latest variation of the technique, Cylance said users could be hacked without even clicking on a link, if attackers intercept automated requests to log on to a remote server issued by applications running in the background of a typical Windows machine, for example to check for software updates.
“The attack takes advantage of features in Windows Server Message Block, commonly known as SMB. The new variation, discovered by Cylance researcher Brian Wallace, has so far only been recreated in a lab and has not been seen on computers in the outside world.
“Cylance said the flaw affected all versions of Windows - including the yet-to-be-released Windows 10 operating system - as well as software from at least 31 companies including Adobe, Apple, Box, Microsoft, Oracle and Symantec.”
Grist for your Ping list,
Forgot to post entire title. Full:
“New Redirect to SMB Flaw in all Windows versions including Windows 10 allows hackers to steal login credentials”.
Reason №46 why I don’t use SMB/Samba/NT folder sharing.
SMB has historically been the source of many security holes.
Ahhh, I love the smell of an SMB security thread in the middle of the night.
Some flaws are worse than others. When it comes down to it, the only truly secure computer is a standalone computer... Otherwise it takes lots of network-slowing processes and eternal vigilance to protect and defend any network/computer.
Sorry to burst your bubble, Util, but this affects Apple as well.
The problem is already rectified in newer browsers such as Firefox and Chrome since any direct-to-SMB call is going to be followed up with a request for credentials since kernel mode access to the user hive is unique to IE.
Also remember that SMB is not unique to Windows insomuch as any other platform can use some variant of SMB (i.e. Samba). This is also not so much a vulnerability as a flaw. If you can scrub your egress points with a proxy or firewall to prevent outbound file:// calls, you're relatively safe. If, however, the attacker is inside your network and sets up something on a local webserver that can sniff the inbound authentication traps from users attempting to access the compromised machine, then you're screwed anyway; first by the fact you have a rogue internal operator and then by the fact your websites have been compromised.
My guess on Microsoft's fix: do not address direct-to-SMB calls through a browser call. Note that this does NOT affect UNC pathing or access via mapped drive.