Forever Day Vulnerability Affects All Windows Versions

Forever Day is a play on “zero-day”, the term for an application vulnerability that has not been patched and can still be exploited. Forever-day means the flaw stays exploitable indefinitely (unless the software vendors figure out a patch), although in this case it may be a configuration problem.


Dark Reading has the story:

http://www.darkreading.com/endpoint/new-security-flaw-spans-all-versions-of-windows/d/d-id/1319884

The most interesting paragraph:

{HD Moore, chief research officer at Rapid7 and creator of Metasploit, says the attack puts Windows clients at risk on untrusted or compromised networks. “Exploiting SMB connections for hash capture and relay usually requires some action on the user’s part, such as opening an email or clicking a link,” he explains. “Non-interactive attacks would be [limited] to exploiting some kind of saved SMB configuration, such as a network printer or file share.”}

But to learn which company actually uncovered this, we have to go to the Cylance blog: http://blog.cylance.com/redirect-to-smb

[Cylance Redirect to SMB diagram 1]


This is the initial problem event: the victim connects to the attacker's machine, where an SMB (Server Message Block) server instance is running.

[Cylance Redirect to SMB diagram 2]

Then a redirection occurs (HTTP code 302), which the victim dutifully follows, and the attacker ends up with a successful man-in-the-middle position.

This advanced attack method would likely be used by an attacker who already has access to your network.
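As an added example (not from this post or from Cylance's write-up), the following Python script scans web proxy log lines for redirect responses whose Location is a file:// URL or a UNC path, which is the form the 302 takes in the Redirect to SMB attack and what sends a Windows client off to an SMB server. The log format, host names and addresses are constructed assumptions, and the script also handles encoded and file://// variants plus the local-drive case that does not trigger SMB.

```python
import re
from urllib.parse import unquote, urlsplit

# A redirect whose Location is a file:// URL or a UNC path makes a Windows client
# open the target over SMB (TCP 139/445) and offer its credentials; hunt for those.
REDIRECT_CODES = {301, 302, 303, 307, 308}

# Assumed (constructed) log format: <client_ip> <method> <url> <status> <location|->
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3}) (\S+)$")

def smb_target(location):
    loc = unquote(location)                      # undo %5C%5C-style encoding
    if loc.startswith("\\\\"):                   # raw UNC path: \\host\share
        host = loc[2:].replace("\\", "/").split("/")[0]
        return host or None
    parts = urlsplit(loc.replace("\\", "/"))
    if parts.scheme.lower() != "file":
        return None                              # ordinary http(s) redirect
    if parts.netloc:                             # file://[user@]host[:port]/share
        return parts.netloc.rsplit("@", 1)[-1].split(":")[0]
    # file:////host/share parses with an empty netloc and the host in the path.
    m = re.match(r"^/+([^/]+)", parts.path)
    if not m or re.fullmatch(r"[A-Za-z]:", m.group(1)):
        return None                              # file:///C:/... is the local disk
    return m.group(1)

def find_redirect_to_smb(lines):
    # Flag redirect responses that would push the client onto SMB.
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        client, _method, url, status, location = m.groups()
        if int(status) not in REDIRECT_CODES or location == "-":
            continue
        host = smb_target(location)
        if host:
            findings.append({"client": client, "url": url, "smb_host": host})
    return findings

# Constructed sample lines; 203.0.113.9 is a documentation address standing in for the SMB server.
SAMPLE_LOG = [
    "10.0.0.5 GET http://cdn.example.test/update.xml 200 -",
    "10.0.0.5 GET http://ads.example.test/img 302 http://cdn.example.test/img.png",
    "10.0.0.7 GET http://update.example.test/check 302 file://203.0.113.9/share/x.dat",
    "10.0.0.8 GET http://news.example.test/a 302 %5C%5C203.0.113.9%5Cpub%5Cb.doc",
    "10.0.0.9 GET http://site.example.test/b 302 file:///C:/Windows/notepad.exe",
    "10.0.0.9 GET http://site.example.test/c 307 file:////203.0.113.9/pub/c.txt",
]
```

Calling find_redirect_to_smb(SAMPLE_LOG) flags the three lines that point at 203.0.113.9 and ignores the http redirect and the local C: path.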

Client mitigation methods include blocking outbound ports 139 and 445 at the firewall; if SMB access is needed across the firewall, that access should be restricted to what is required.


As Cylance discussed in their mitigation methods white paper:

http://cdn2.hubspot.net/hubfs/270968/SPEAR/RedirectToSMB_public_whitepaper.pdf?t=1429022094769

Encrypting the authentication traffic would also help mitigate this, but it looks like 31 applications may be susceptible to this type of attack.

These include antivirus software by Symantec, AVG Free, BitDefender Free, and Comodo Antivirus.

Adobe Reader, Apple QuickTime, Apple Software Update, as well as Internet Explorer, Windows Media Player, Excel 2010, and Microsoft Baseline Security Analyzer.

Box Sync and TeamViewer are also on the list.

Among security tools, .NET Reflector and Maltego CE are on it as well.

Please update your firewall rules; if you need help, contact us.
