Your Windows computer has a flaw

Every version of Microsoft’s Windows operating system is vulnerable to a weakness left over from a 1997 iteration of the software.

Security researchers at Carnegie Mellon and cybersecurity firm Cylance uncovered the flaw, which allows digital crooks to trick applications into logging into hacker-controlled Web servers. From there, the cyber thieves can collect login details.


“It’s a serious issue because stolen credentials can be used to break into private accounts, steal data, take control of PCs and establish a beachhead for moving deeper into a targeted network,” said Brian Wallace, a senior researcher with Cylance, in a Monday blog post.

The approach is known as a “man-in-the-middle” attack because the hackers sit between the user’s computer and Web servers and relay the communications, hijacking them in the process.

In theory, the defect could affect hundreds of millions of computers, although users would have to click on a malicious link first. So far, there’s no evidence of hackers employing the technique.

Cylance said software from at least 31 companies — including Adobe, Apple, Microsoft and Symantec — could be exploited through the vulnerability.

Microsoft downplayed the threat posed to users.

“We don’t agree with Cylance’s claims of a new attack type,” a Microsoft spokesperson said in a statement. “Several factors would need to come together for this type of cyberattack to work, such as success in luring a person to enter information into a fake website.”

Users should steer clear of emails from unknown senders and avoid visiting websites that a browser warns are unsecure, the company cautioned.

“There are also features in Windows, such as Extended Protection for Authentication, which enhances existing defenses for handling network connection credentials,” Microsoft said in an email to Reuters.