Microsoft Confirms Windows Flaw, Says Users Are Responsible for Their Security

Status
Not open for further replies.

Exterminator

Oct 23, 2012
Today security company Cylance has revealed a security flaw affecting all Windows versions, confirming that pretty much every single edition of the desktop operating system is affected by a vulnerability that could expose usernames and passwords on a PC.

In a statement provided by Microsoft and attributed to a company spokesperson, Redmond confirms the flaw but says that it's not necessarily a new kind of attack, but mostly an old technique that involves users and lures them into clicking malicious links.

Indeed, Cylance said in its original report that users would have to click a malicious link sent by the attacker in order to have their computers exploited, but it explained that usernames and passwords would be stolen after authentication is performed in the background without any other prompt displayed to users.

Microsoft, on the other hand, says that users are at the core of this exploit and explains that, without their input, no such vulnerability would be possible. The software giant, however, hasn't provided any information on a possible patch to address the flaw, but this is expected to be launched next month as part of the Patch Tuesday rollout.

“We don't agree with Cylance's claims of a new attack type. Cybercriminals continue to be engaged in a number of nefarious tactics. However, several factors would need to come together for this type of cyberattack to work, such as success in luring a person to enter information into a fake website. We encourage people to avoid opening links in emails from senders that they don't recognize or visiting unsecure sites,” a company spokesperson said.

How to block exploits
While there are some other more advanced techniques to block the flaw, Microsoft provides some basic recommendations to those who'd like to make sure that no exploit is possible until a patch arrives.

As we told you earlier today, it's recommended to avoid clicking on suspicious links coming from unknown sources, and Microsoft says that this is pretty much the most effective way to avoid getting hacked. Even with up-to-date antivirus software, visiting malicious links could still get you exploited, so just don't click on anything that seems suspicious.

This month's Patch Tuesday updates will ship later today, but a fix for this issue is unlikely to be provided, so expect one in May.
 