Search the Community

Hi, not sure if there's already a thread on this exploit, I couldn't find one, if so please delete. It seems Windows 8 and up is leaking login credentials (windows username/live email and hashed password) and vpn credentials if you are using IPsec, PPTP, L2TP. For the exploit to work it's necessary to use Internet Explorer, Edge, or any application which use standard Windows API or Internet Explorer as a HTML renderer (Outlook, Explorer) and opening the prepared attack website. Here's a nice write-up on the exploit: https://medium.com/@ValdikSS/deanonymizing-windows-users-and-capturing-microsoft-and-vpn-accounts-f7e53fe73834#.6gxx24w7x Included are tips on how to avoid the leak: Another way is to block all SMB traffic to the internet using Windows firewall. Just black all traffic to TCP port 137, 139 and 445 except to the destination IP ranges: 192.168.0.0/16 169.254.0.0/16 172.16.0.0/12 10.0.0.0/8 fd00::/8 fe80::/10 It's also mentioned that "Some VPN providers have been told about this issue and most of them has fixed it by blocking access to SMB ports or by blocking it locally in their client software." I tested with the newest experimental airvpn client and activated network lock and had credentials leak. It'd be nice if you guys could look into that until there's patch from MS. edit: the regedit fix seems to work fine, no leaks anymore on the test site