Brian Wallace, a researcher with security firm Cylance, has found a major Windows flaw which he calls Redirect to SMB. Wallace states: “We’ve uncovered a new technique for stealing sensitive login credentials from any Windows PC, tablet or server, including ones running previews of the yet-to-be-released Windows 10 operating system. Software from at least 31 companies including Adobe, Apple, Box, Microsoft, Oracle and Symantec can be exploited using this vulnerability”.
Wallace also states “Redirect to SMB is a way for attackers to steal valuable user credentials by hijacking communications with legitimate web servers via man-in-the-middle attacks, then sending them to malicious SMB (server message block) servers that force them to spit out the victim’s username, domain and hashed password.”
Some of the software that can also be exploited includes the following
Redirect to SMB only affects Windows users who use Internet Explorer as their browser and is most likely to be used in targeted attacks when attackers have control over some component of a victim’s network traffic. It is also plausible that malicious ads can be created or modified to force authentication attempts from IE users whilst masking their intent from those displaying the advertising.
To reinforce how dangerous Redirect to SMB is, basic attacks on any shared WiFi access points can be done from any computer or mobile device. This means if you go to your local coffee shop to avail of their free WiFi facilities, you could be vulnerable.
Worryingly, this vulnerability was first disclosed to Microsoft in 1997, and Wallace claims: “Microsoft did not resolve the issue reported by Aaron Spangler in 1997. We hope that our research will compel Microsoft to reconsider the vulnerabilities and disable authentication with untrusted SMB servers. That would block the attacks identified by Spangler as well as the new Redirect to SMB attack.”
In the meantime Wallace has suggested the following workaround. “The simplest workaround is to block outbound traffic from TCP 139 and TCP 445 — either at the endpoint firewall or at the network gateway’s firewall (assuming you are on a trusted network). The former will block all SMB communication, which may disable other features that depend on SMB. If the block is done at the network gateway’s firewall, SMB features will still work inside the network, but prevent authentication attempts with destinations outside the network.”
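To check whether the gateway-level block described above is actually in place, a defender can review firewall or flow logs for internal hosts reaching TCP 139 or 445 on addresses outside the network. The script below is an added example, not code from Cylance or from the original article; the log layout, the internal address ranges and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

SMB_PORTS = {139, 445}  # the two TCP ports named in the workaround

# Assumption: the organisation's internal address space (RFC 1918 ranges here).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed (constructed) log layout:
#   <time> <proto> <src>:<sport> -> <dst>:<dport> <action>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<action>\S+)$")

def is_internal(addr):
    """True if addr falls inside one of the configured internal networks."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on a bad address
    return any(ip in net for net in INTERNAL_NETS)

def external_smb_flows(lines):
    """Return flows from internal hosts to TCP 139/445 on non-internal addresses."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["proto"].upper() != "TCP":
            continue  # unparseable line or not TCP
        if int(m["dport"]) not in SMB_PORTS:
            continue
        try:
            if is_internal(m["src"]) and not is_internal(m["dst"]):
                hits.append((m["ts"], m["src"], m["dst"], int(m["dport"]), m["action"]))
        except ValueError:
            continue  # skip lines with invalid IP addresses
    return hits

# Constructed sample log; external addresses are documentation ranges.
SAMPLE_LOG = """\
2015-04-13T10:02:11Z TCP 10.0.4.17:51544 -> 10.0.1.5:445 ALLOW
2015-04-13T10:02:14Z TCP 10.0.4.17:51560 -> 203.0.113.50:445 ALLOW
2015-04-13T10:02:15Z TCP 10.0.4.17:51561 -> 203.0.113.50:443 ALLOW
2015-04-13T10:03:40Z UDP 10.0.4.22:137 -> 198.51.100.7:137 ALLOW
2015-04-13T10:05:02Z TCP 192.168.7.9:49822 -> 198.51.100.7:139 BLOCK
malformed line
""".splitlines()

if __name__ == "__main__":
    for ts, src, dst, port, action in external_smb_flows(SAMPLE_LOG):
        state = "gap in egress block" if action == "ALLOW" else "blocked as intended"
        print(f"{ts} {src} -> {dst}:{port} {action} ({state})")
```

SMB between internal hosts is deliberately ignored, matching the gateway variant of the workaround in which SMB features keep working inside the network.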