Hot Potato Breaking Multiple Windows Versions

This is especially for the Windows users.

With the combination of three types of attacks, the exploit, named Hot Potato was created. This is a way to break into almost all of Microsoft’s recent versions of Windows. All these security flaws have been left unpatched by Microsoft because apparently it could have broken the compatibility among different versions of their operating systems.

The three security problems that form the Hot Potato exploit are a local NBNS (NetBIOS Name Service) spoofing technique that’s 100% effective, another security hole that allows an attacker to set up fake WPAD (Web Proxy Auto-Discovery Protocol) proxy servers, and an attack against the Windows NTLM (NT LAN Manager) authentication protocol.

It may take quite awhile for attackers to go through all these exploits but if successful, the attacker can escalate an application’s permissions from the lowest rank to system-level privileges, the Windows analog for a Linux/Android root user’s permissions.

The exploit was created on a proof-of-concept code released by Google’s Project Zero team in 2014 by the Foxglove security researchers and the findings have been presented at the ShmooCon conference and the exploit code has been posted on GitHub.

The researchers released some proof-of-concept videos on YouTube, where they  break Windows versions such as 7, 8, 10, Server 2008 and Server 2012.

Researchers say that enabling “Extended Protection for Authentication” in Windows should stop the last stage of their exploit, the NTLM relay attack.

Using SMB (Server Message Block) signing may theoretically block the attack, but they have not properly investigated this mitigation technique.

We will keep you updated on this story.

Source: Akati

Comments are closed.