Recently, hackers discovered an old bug in both Windows 8 and 10 with the ability to leak the username and password associated with your Microsoft Account using through Edge or Outlook.
This flaw lets hackers include an image on a page that loads from a SMB network share. Edge or Outlook loads the network share and allows access to the network using Windows credentials. The username is sent in plain text while the password is converted to a NTLMv2 hash.
This is indeed worrying, and many people are wondering what they can do in order to protect their usernames and passwords. According to specialists and researchers, there are three main things that you can do. The first of them is to avoid connecting to various websites using any Microsoft software. Cut off Edge and Outlook from your list of programs to access the web and you will a little bit safer — though not completely.
The second thing you can do in order to be safer is to change your password to a stronger one. In general, long passwords that contain a variety of characters are harder to crack, even though it might be inconvenient to you to memorize them or write them down. The third and last thing recommended is to enable your firewall to block every SMB ports it finds. Make sure you enable egress filters for ports 137, 138, 139 and 445 and that you drop any IPs that lead to any of those ports. However, this is a solution for home users, not business ones.
RELATED STORIES YOU NEED TO CHECK OUT:
- Windows 10 Mobile build 14361 randomly restarts Lumia 950 phones
- Here’s what Windows 95 looks like on the Apple Watch
- Here’s how Windows 95 runs on a Xbox One