Hjem > Cyber ​​Nyheder > Hot Potato Exploit Endangers Recent Windows Versions
CYBER NEWS

Hot Potato Exploit fare Seneste Windows-versioner

hot-potato-exploit-windows-STForumWindows is vulnerable and this is not a secret to anyone. Men, Windows vulnerabilities are not discussed as often as they should be. Flere måneder siden, we informed you about a particular exploit in Windows 10 kendt som Multihandler udnytte.

Lær mere om Windows’ Sårbarheder:
Silverlight Zero-Days Exploits
Microsoft’s ATP Service Is Flawed

The Hot Potato Exploit

Nu, researchers at Foxglove Security have unveiled another weak spot in Windows that affects almost all of its latest versions. The exploit is dubbed Hot Potato and has been discovered by putting together a series of known Windows security flaws.

The exploit itself was created on the basis of a proof-of-concept code released by Google’s Project Zero in 2014. The Foxglove’s research team has presented their findings at the ShmooCon security conference recently held in Washington. The researchers have also shared Hot Potato’s code on GitHub.

What is quite alarming about Hot Potato is that it can be activated by three types of attacks that were disclosed about 15 år siden, i 2000. Med andre ord, all of the vulnerabilities that take part in Hot Potato have been left unpatched.

Is there any explanation given by Microsoft?
Just an odd one saying that patching the security flaws could have broken compatibility between the different versions of Windows.

Hot Potato Exploit’s Vulnerabilities

As explained by Softpedia, the three vulnerabilities representing Hot Potato are:

  • A very effective local NBNS (NetBIOS Name Service) spoofing technique;
  • A vulnerability that enables malicious actors to set up a fake WPAD (Web Proxy Auto-Discovery Protocol) proxy server;
  • An attack against the Windows NTLM authentication protocol.

Hot Potato’s Attack Scenarios

Researchers believe that using the three exploits one by one may take malicious actors from several minutes to several days. Men, if their attempts are successful, they can elevate apps’ permissions to system-level privileges.

The worst part is that the researchers succeeded in breaking the following versions of the operating system:

  • Vinduer 7;
  • Vinduer 8;
  • Vinduer 10;
  • Server 2008;
  • Server 2012.

Proper mitigation techniques are yet to be investigated. Men, researchers say that enabling the Windows’ Extended Protection for Authentication should put an end to the last stage of Hot Potato.

Milena Dimitrova

En inspireret forfatter og indholdschef, der har været hos SensorsTechForum siden projektets start. En professionel med 10+ års erfaring med at skabe engagerende indhold. Fokuseret på brugernes privatliv og malware udvikling, hun tror stærkt på en verden, hvor cybersikkerhed spiller en central rolle. Hvis almindelig sund fornuft giver ingen mening, hun vil være der til at tage noter. Disse noter senere kan blive til artikler! Følg Milena @Milenyim

Flere indlæg

Følg mig:
Twitter

Efterlad en kommentar

Din e-mail-adresse vil ikke blive offentliggjort. Krævede felter er markeret *

Del på Facebook Del
Loading ...
Del på Twitter Tweet
Loading ...
Del på Google Plus Del
Loading ...
Del på Linkedin Del
Loading ...
Del på Digg Del
Del på Reddit Del
Loading ...
Del på Stumbleupon Del
Loading ...