Your Windows 10 password on your desktop or laptop is critical to keeping your files private and inaccessible to anyone else. But a vulnerability has been detected in Microsoft’s Outlook program that may allow a hacker to access your password and practically all other information you have on your system.
Ironically, this vulnerability was not detected just now. It was reported back in November 2016, but Microsoft did not respond as swiftly as expected. The company has since released a patch in April and has posted an alert to users as well.
Trouble Comes Via an RTF Attachment to Mail
If you are using Outlook as the default mail program, the hacker could target you with a message that comes with an attachment in Rich Text Format (RTF).
The message may force you to either open or even preview it. Once this happens, the OLE objects included in the email automatically establish a connection to a remote SMB server; the hacker would then take over and can easily access all content on your system, including the Windows username and password.
With that, the attacker can possibly access every piece of information in any format present in your device.
The Patch Released by Microsoft
In the April 2018 update released by Microsoft, the company claims Outlook has been equipped with the capability to deal with the OLE objects in RTF messages and to block them from accessing the SMB server.
In a blog post, Will Dormann, the researcher from CERT who originally found the vulnerability, noted that the patch does not make the user completely immune to the attack. It is still possible for the OLE object to connect to the remote SMB server, so the threat has not been fully removed.
One More Vulnerability Found
Besides this flaw with Outlook, another vulnerability has been reported by an expert via the Zero Day Initiative by Trend Micro, a cybersecurity specialty firm. Here, the vulnerability is linked to the Windows Remote Assistance feature within Windows 10.
Microsoft has issued an alert on this flaw, which clearly says that the bug lets a hacker break into the victim’s system and steal any file, data or information from it. Worst of all, the victim will have no knowledge whatsoever that their information has been stolen.
The expert posted the complete details of this vulnerability and explained that a Windows Remote Assistance request has to be sent to another user via email in a file named “Invitation.msrcincident”. According to the researcher, it is this file that cybercriminals can exploit to hack into the sender’s system.
Incidentally, this vulnerability has also been acknowledged and remedied by Microsoft in the April patch and hopefully stands resolved.
How to Stay Safe
Now the most vital question is how you can stay secure and avert a cyberattack on your system or network. It is essential that you keep your system updated by downloading and installing the latest patches released by Microsoft.
For the first Outlook-related vulnerability, which is labeled CVE-2018-0950, the corresponding update from Microsoft must be installed.
For the Server Message Block (SMB) issue, you must block the relevant ports for both incoming and outgoing connections. These are identified as 445/TCP, 137/TCP, 139/TCP, along with 137/TCP and 139/TCP. You will also have to disable or block Single Sign-On (SSO) authentication for NT LAN Manager (NTLM).
There is also the basic security instruction that the passwords you create must be uncrackable. Your password should be long and complex with a mix of characters, so that hackers cannot crack it quickly.
If you require any help, there are sites which offer guidance on how to structure a password. Of course, you must remember your passcode even if you have to write it down and find ways to keep it away from others. A password manager program like 1Password or LastPass can help you with that.
Lastly, be alert to suspicious emails, particularly the links or attachments that come with such messages. Check if the source of the email is known to you before even opening it.