Windows Bug Can Steal Passwords Through Adobe Reader and 30 More Apps: What Should You Do?

May 2015:  The new Microsoft Windows computer bug that everyone is talking about isn’t new at all. In fact, the “new” flaw in every version of Windows — including the yet-to-be-released Windows 10 — would be old enough to vote if it were a person.

The reason it matters now is all the cloud computing we’re doing. Systems are more exposed, so if hackers get in they can use this “bug” to pretend to be something they’re not and steal your credentials. Here’s what to do:

How is this bug different?

This 20-year-old problem is not like a regular “bug” that some brainiac techies can solve by developing a patch. It’s more of a design flaw in the way Windows operates.

The flaw makes it possible for hackers to eavesdrop or intercept your computer’s communications through a man in the middle attack. This kind of attack takes place behind the scenes — you don’t even know it’s happening. When your computer tries to connect with an app (or website) and the app (or website) requests that your computer identify itself, your computer responds by giving it the information it’s asking for. It’s very much like what you do when you’re prompted to enter your user ID and password. The connection is then made and you go about your computing business. Common stuff.

But with “Redirect to SMB,” the technique hackers use to exploit this flaw in Windows, they can intercept those HTTP requests for credentials and either steal the credentials or redirect your computer to a malicious server instead of the one it was looking for. Neither is good. But the hacker has to be in your system (via malware or any of the usual nefarious ways) to do the stealing or redirecting.
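The redirect described above is visible on the wire: the app asks for an ordinary HTTP URL and gets back a 3xx response whose Location header points at a file:// URL or a \\host\share UNC path, which Windows will follow over SMB and answer with the user’s login credentials. The following is an added example, not code from the article or from Cylance, showing how a proxy or network monitor could flag such responses; the HTTP responses it scans are constructed samples, and the 203.0.113.x addresses are documentation-range placeholders.

```python
from urllib.parse import urlparse

# HTTP status codes that tell a client to fetch a different URL
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def is_smb_target(location):
    """Return True if a redirect target would be fetched over SMB.

    Two forms matter: a UNC path (\\\\host\\share) and a file:// URL with a
    host component (file://host/share). A file:///C:/... URL has no host,
    so it stays on the local disk and is not flagged.
    """
    loc = location.strip()
    if loc.startswith("\\\\"):
        return True
    parsed = urlparse(loc)
    return parsed.scheme.lower() == "file" and bool(parsed.netloc)


def parse_response(raw):
    """Split a raw HTTP response into (status code, header dict).

    Header names are lower-cased so lookups are case-insensitive.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers


def flag_redirect_to_smb(raw):
    """Return the suspicious Location value, or None if the response is benign."""
    status, headers = parse_response(raw)
    if status not in REDIRECT_STATUSES:
        return None
    location = headers.get("location")
    if location and is_smb_target(location):
        return location
    return None


# Constructed sample responses, as a proxy might see them (not real traffic).
SAMPLE_RESPONSES = {
    "benign_https": (
        "HTTP/1.1 302 Found\r\n"
        "Location: https://updates.example.com/latest\r\n\r\n"
    ),
    "smb_file_url": (
        "HTTP/1.1 302 Found\r\n"
        "Location: file://203.0.113.5/share/update.exe\r\n\r\n"
    ),
    "smb_unc_path": (
        "HTTP/1.1 301 Moved Permanently\r\n"
        "Location: \\\\203.0.113.9\\pub\\installer.msi\r\n\r\n"
    ),
    "local_file": (
        "HTTP/1.1 302 Found\r\n"
        "Location: file:///C:/Windows/Temp/readme.txt\r\n\r\n"
    ),
    "not_a_redirect": (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html\r\n\r\n<html></html>"
    ),
}


def scan_samples(samples=SAMPLE_RESPONSES):
    """Return {name: flagged Location} for every sample that redirects to SMB."""
    hits = {}
    for name, raw in samples.items():
        target = flag_redirect_to_smb(raw)
        if target is not None:
            hits[name] = target
    return hits


if __name__ == "__main__":
    for name, target in scan_samples().items():
        print(f"ALERT {name}: HTTP redirect to SMB target {target}")
```

A rule like this belongs on the outbound web proxy or IDS rather than on the client, because the vulnerable apps follow the redirect automatically and never show the user anything. Pairing it with the firewall rule the article mentions (blocking outbound SMB at the perimeter) means a flagged redirect is both logged and prevented from reaching an attacker-controlled server.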

Which apps can be exploited?

Windows is downplaying Redirect to SMB because it’s neither an easy hack nor an easy fix. Yet Cylance, the researchers who discovered the Redirect to SMB technique, have found 31 apps that can be exploited. Some of them are popular and recognizable, and others are more behind the scenes:

  • Adobe Reader
  • Apple QuickTime
  • Apple Software Update (which handles the updating for iTunes)
  • Internet Explorer
  • Windows Media Player
  • Excel 2010
  • Microsoft Baseline Security Analyzer
  • Symantec’s Norton Security Scan
  • AVG Free
  • BitDefender Free
  • Comodo Antivirus
  • .NET Reflector
  • Maltego CE
  • Box Sync
  • TeamViewer
  • Github for Windows
  • PyCharm
  • IntelliJ IDEA
  • PHP Storm
  • JDK 8u31’s installer

What can you do about it?

Your company’s IT department can take steps to make a man-in-the-middle attack harder, like blocking outbound SMB traffic at the firewall. For your home PCs, you have to be more diligent than ever – unfortunate but true! Windows users always need to do these five things:

  1. Keep your software up to date
  2. Use strong, complex passwords (try strongpasswordgenerator, random.org and lastpass)
  3. Change your passwords often, like each time you pay your mortgage or rent so it becomes a habit
  4. Use a password manager such as Lastpass or StickyPassword that does the work for you (you only have to remember one password)
  5. Set up two-factor authentication on your accounts even though it’s an extra step … the extra five seconds can save you five weeks of work trying to reclaim your identity
  6. Connect through a secure VPN or VDI setup when connecting to your company network