Years of vulnerability detection can affect all Windows users
Cylance's information security expert works with CERT research teams at Carnegie Mellon University and claims to have discovered a botnet vulnerability that affects all Windows versions for a long time. It is also included in the latest Windows 10 technology preview version. The botnet vulnerability was derived from the vulnerability discovered by Aaron Spangler in 1997, known as "Redirect to SMB" (redirected to SMB protocol) attackers can hijack sensitive user information, and the entire attack process can be completed by clicking a link.
Cylance also indicates that the vulnerability can also be exploited by any Windows application through man-in-the-middle attacks. The team identified 31 applications that were exposed to this security risk, including Adobe Reader, QuickTime, Norton Security Scan, WMP player, and IE 11. Microsoft has not stated whether to release an official patch to fix the vulnerability once. After all, the vulnerability has been around for 18 years.
This article permanently updates the link address: