“The actual drawback is that this retains coming again with all types of file varieties,” mentioned Ullrich. “Final yr it was with Outlook; once you opened an e mail, it was potential to set off these downloads from malicious servers. It’s a recurring drawback. Microsoft is enjoying whack-a-mole in eliminating all of the totally different spots this might be occurring.”
Compounding the issue is the truth that the person password that goes out is shipped in an simply cracked NTLM hash, which Ullrich calls an “historical algorithm.” Nevertheless, he added, Microsoft disabled the NTLM functionality in latest variations of Home windows, so solely older variations of the OS must be in danger.
As Acros outlined in its weblog, the historical past of spoofed Home windows Themes goes again to final yr, when Akamai researcher Tomer Peled discovered a vulnerability that might set off the sending of a person’s NTLM credentials if a Theme file was seen in Home windows Explorer. “This meant that merely seeing a malicious theme file listed in a folder or positioned on the desktop can be sufficient for leaking person’s credentials with none extra person motion,” Acros notes.
