A vulnerability in Windows allows attackers to steal NTLM password hashes without any user interaction. The flaw is easy to exploit and requires no special technical skill: all an attacker needs to do is place a malicious SCF (Shell Command File) file in a publicly accessible shared Windows folder.
The SCF file does not even have to be executed. As soon as a user opens the folder in Windows Explorer, Explorer follows the icon path stored inside the file to a server controlled by the attackers, and Windows automatically authenticates to that server with NTLM, handing over the user's NTLM hash. With readily available software the attackers can crack the hash offline and gain access to the victim's computer. Once they have a foothold on the network where the attacked machine sits, they can move laterally to neighboring systems.
Shared folders that are password protected are not affected. Password-protected sharing is the default in Windows, so many home users have nothing to fear. In companies, schools and other organizations, however, shared folders are often left without password protection for convenience, which makes them vulnerable.
The vulnerability was discovered by Colombian security researcher Juan Diego. Diego reported the problem to Microsoft in April this year, and in October the company shipped a fix as part of its scheduled updates. However, the fix is only available for Windows 10 and Windows Server 2016.
Earlier versions of the OS remain vulnerable, because the registry modifications that make up the fix are not compatible with earlier versions of Windows Firewall.
As Diego told the Bleeping Computer portal, Microsoft's advisory ADV170014 does fix the problem, but he was unable to determine the root cause of the vulnerability. "The attack is automatic. The reason that makes it possible is still not clear to me. Microsoft keeps everything in great secret," Diego said.
NTLM (NT LAN Manager) is a network authentication protocol developed by Microsoft, originally for Windows NT.