Zombie Vulnerability Affects Every Version of Windows

Status
Not open for further replies.

Terry Ganzi

Thread author
A team of researchers recently found a zombie vulnerability that affects every single version of Windows—including the Windows 10 preview. Microsoft has no plans to fix the vulnerability.

The vulnerability is a zombie, because it’s an undead version of a vulnerability that first appeared in 1997. Working with Cylance, a team of security researchers at Carnegie Mellon’s CERT Division found the same weakness enables a new way of stealing usernames and passwords from Windows, as well as software from 31 different vendors, including Adobe, Apple, Oracle and Symantec.

Basically, a hacker can trick the Windows Server Message Block into surrendering login credentials if the user clicks on a certain kind of link.

Seems bad, right? Well, it’s worth pointing out that this vulnerability has only been recreated in the lab, it has not been exploited. So it’s not like a team of evil hackers have stolen millions of Microsoft passwords and gone on a shopping spree—though that already happened once this year. That said, Microsoft still hasn’t released a patch to fix the vulnerability, apparently because they think it would be too complicated to exploit.
 

Deleted member 21043

Whether it was recreated in the lab or not, it was created in the first place which proves it's possible. Meaning it can be recreated elsewhere, e.g. by a group of black hat hackers.

Microsoft should fix this... When someone finds a vulnerability in their product, they try to fix it... Not say it's too "complicated" for the exploit... Every exploit is "complicated" in its own way: point being, it's a security risk and they should be trying to fix it.

Maybe if a group of black hat hackers did create the exploit they'd change their minds about not fixing it, but why not try to fix it so there is less damage for if the exploit does ever get created for bad use?
 

EmiLLiaN

Seriously?

I personally think that this should be a shame for Microsoft. What will happen now that the hackers know this info (smart thing for the source to publish this on the internet)? Sooner or later, the exploit will be online, stealing accounts. o_O
 

jamescv7

So underestimating the ability of the exploit? Whether it's a big or small vulnerability that occurs, it should count as their quality control to serve users with proper patches at all.
 