Redirect to SMB - MS SharePoint Server 2010; Microsoft Security Flaw Discovered
We all are aware of the fact that Microsoft rules the world when it comes to operating systems in PCs and laptops, however; there are still occasions where security issues are passed over. These unpleasant instances are discovered usually by the in-house engineers – but surprisingly a third party discovered a flaw recently. These are the security firms who are always looking out to streamline any of the gaps involving the integrity of information carried through these operating systems.
Redirect to SMB, aka forever-day, is one of those flaws which experts claim, has the potential to open up floodgates for hackers and other anti-elements to procure vital and sensitive information of users, may it be individual or corporations – whoever were using Microsoft operating systems in their PCs or Laptops.
A security firm, discovered this flaw and with a bang, they claim that a minimum of 31 major corporations including Adobe, Oracle and Apple are exploited with this fragile gateway.
Furthermore; darkreading.com has gone to the extent of saying that all versions of Windows are affected by this flaw. It allows hackers to obtain encrypted login credentials from PCs using Windows to gain entry through compromised web servers or with the help of control of network traffic. They then redirect it to the SMB based server, and upon entering all credentials are available to be copied and used.
This flaw could lead to an attack may be in hours – where data is vulnerable – the PC is controllable – or can be used as a launch pad for attacking other parts of the machine’s network.
A wide plethora of applications and developer tools that are likely to be affected by flawed Windows API including:
- Adobe Reader
- Apple QuickTime and Apple iTunes Software Update
- Internet Explorer 11
- Windows Media Player
- Excel 2010
- Microsoft Baseline Security Analyzer
- Symantec Norton Security Scan
- AVG Free
- BitDefender Free
- Comodo Antivirus
- .NET Reflector
- Maltego CE
- Box Sync
- GitHub for Windows
- IntelliJ IDEA
- PHP Storm and
- Oracle JDK 8u31’s installer
Microsoft, as news claims did not patch the bug – allowing it to get exploited through file:// URI schemes – and instead offered ways and means to mitigate it, followed with naming it to be Extended Protection for Authentication feature for Windows. Windows machines are still vulnerable to older attacks if some mitigation strategy is not taken up instantaneously – by changing the default settings in the operating system.
The so called "forever-day" is called so because it has the ability to remain alive and well. Lately, they found that bad guys may intercept HTTP/HTTPS requests by browsers and applications. This includes application updates and online advertisements, also these attacks may take place through man-in-the-middle exploits.
As a response to all this chaos, Microsoft went about issuing around 11 security bulletins – especially to address these remote code execution gaps. Four of this eleven were said to be critical patches and would take care of 26 vulnerabilities that were found. The MS15-033 security bulletin holds a special position as it reconciles the zero-day vulnerability of MS Office. Some also suggest blocking TCP 139 and 445 ports, to basically disable SMB communications.
Chirag Shivalker is one of the very few business writers with flair of social commentary through his technical writing at Hi-Tech Outsourcing Services. With A decade long experience in technology writing and trend analysis Chirag is an expert in technology and technological trends along with business writing. Technology in mind and words at will Chirag is an all-rounder who has established his writing capabilities’ in multiple technology disciplines.