In updating to Windows 10 Anniversary Update detected dangerous vulnerability 20 years ago
On Tuesday, Microsoft released major update Windows 10 – Anniversary Update, which introduces several new features and capabilities. As specialists have found out, the update contains a “hole” in security, through which hackers can gain access to user data.
Windows 10 Anniversary Update contains a vulnerability that was first discovered back in 1997. The bug allows hackers to know the name and password of the Microsoft account that is used in products Outlook, Edge, Skype, Office 360 and SkyDrive.
A dangerous gap in the OS is a network application layer Protocol for remote access to files, printers, and other network resources, Server Message Block (SMB).
To obtain the necessary data to the attackers is enough to add to a web page image that is loaded from a network drive via SMB. Microsoft will try to download the network resource and sends to the data server user account.
For the first time this problem was discovered in Windows 95 and Windows NT, but the experts felt it was insignificant, and forgot about it.
However, at the moment, given the wide use of Microsoft accounts, the gap has become urgent. Experts advise users to use complex passwords and change the password for any suspected leakage.