This article is more than 1 year old

Windows passwords leak tip

Microsoft has published some guidelines for firewalling off traffic that could leak username and password information from corporate networks.

As we reminded everyone last month, it is possible to trick Internet Explorer, Edge, Outlook and other Redmond software into coughing up your Windows computer's login name and an NTLM hashed password, which can be easily cracked if you have a weak passphrase.

All you have to do is click on a link or open a webpage with an image URL that attempts to pull a document from a remote SMB file server. Windows, even Windows 10, will try to automatically authenticate with the server using your login details, thus handing them over to potential miscreants.

Microsoft's solution to this is to firewall off outgoing traffic to SMB-related ports 137, 138, 139 and 445.

"Malicious users can use the Server Message Block (SMB) protocol for malicious purposes," the advisory, dated August 26, reads.

"Firewall best practices and firewall configurations can enhance network security by helping to prevent potentially malicious traffic from crossing the enterprise perimeter." ®

More about

TIP US OFF

Send us news