Security News Hackers Can Steal Windows Login Credentials Without User Interaction

Solarquest

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
Microsoft has patched only recent versions Windows against a dangerous hack that could allow attackers to steal Windows NTLM password hashes without any user interaction.

The hack is easy to carry out and doesn't involve advanced technical skills to pull off. All the attacker needs to do is to place a malicious SCF file inside publicly accessible Windows folders.

Once the file has been placed inside the folder, it executes due to a mysterious bug, collects the target's NTLM password hash, and sends it to an attacker-configured server. Using publicly available software, an attacker could crack the NTLM password hash and later gain access to the user's computer.

Such a hack would allow an attacker that has a direct connection to a victim's network to escalate access to nearby systems.

Not all computers with shared folders are vulnerable
...
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top