Hackers has discovered a security flaw in all current Windows versions that reached back to Windows 95. This bug can leak your Windows account credentials to web sites.
Advertising
A white paper SMB : Sharing more than your les… has been presented a blackhat.com. This flaw can leak your Windows account credentials to web sites if you use Microsoft products like Edge, IE or Outlook. Hackers has embedded an image in a web page whick loads from a SMB network share. Microsoft products try to load the network share and send the user's Windows login credentials (username and password) to that network share. The user name is in plain text, the password is an NTLMv2 hash code.
Because Windows 8.1 and Windows 10 uses Microsoft accounts, the e-mail address is leaked to web sites. The recommendations: Don't use Microsoft software to access web sites. Block SMB ports within your firewall for public connections. More may be found at mspoweruser.com.
