Technology

#Reportedly, custom themes can be used to steal Windows 10 user credentials

Table of Contents

#Reportedly, custom themes can be used to steal Windows 10 user credentials

A new finding by security researcher Jimmy Bayne, who has revealed it on Twitter, discloses a vulnerability in Windows 10’s themes engine that can be used to steal users’ credentials. A special malformed theme, when opened, redirect users to a page that prompts users to enter their credentials.

RECOMMENDED: Click here to fix Windows errors and optimize system performance

As you may already know, Windows allows sharing themes in Settings. This can be done by opening Settings > Personalization > Themes and then by selecting on “Save theme for sharing” from the menu. This will create a  new *.deskthemepack file that the user can upload to the Internet, send via email, or can share with others via a variety of methods. Other users can download such files and install it with one click.

An attacker can similarly create a ‘.theme’ file wherein the default wallpaper setting points to a website that requires authentication. When unsuspecting users enter their credentials, an NTLM hash of the details is sent to the site for authentication. Non-complex passwords are then cracked open using special de-hashing software.

Windows 10 Theme Vulnerability

[Credential Harvesting Trick] Using a Windows .theme file, the Wallpaper key can be configured to point to a remote auth-required http/s resource. When a user activates the theme file (e.g. opened from a link/attachment), a Windows cred prompt is displayed to the user.

What are *.theme files?

Technically, *.theme files are *.ini files which include a number of sections that Windows reads and changes appearance of the OS according to instructions it found. The theme file specifies the accent color, wallpapers to apply, and a few other options.

One of its sections looks as follows.

[Control PanelDesktop]
Wallpaper=%WinDir%webwallpaperWindowsimg0.jpg

It specifies the default wallpaper applied when the user install the theme. Instead of the local path, points the researcher, it can be set to a remote resource that can be used to make the user enter his credentials.

Malformed Theme File

The wallpaper key is located under the “Control PanelDesktop” section of the .theme file. Other keys may possibly be used in the same manner, and this may also work for netNTLM hash disclosure when set for remote file locations, says Jimmy Bayne.

The researcher provides a method to mitigate the issue.

From a defensive perspective, block/re-associate/hunt for “theme”, “themepack”, “desktopthemepackfile” extensions. In browsers, users should be presented with a check before opening. Other CVE vulns have been disclosed in recent years, so it is worth addressing and mitigating

Source: Neowin

RECOMMENDED: Click here to fix Windows errors and optimize system performance

If you want to read more like this article, you can visit our Technology category.

if you want to watch Movies or Tv Shows go to Dizi.BuradaBiliyorum.Com for forums sites go to Forum.BuradaBiliyorum.Com

Source

Tags

Related Articles

#How to Get Android Notifications on a Windows 10 PC

#Google Ads Editor version 2.6 launches with 8 new features

#Google Ads Editor version 2.6 launches with 8 new features

#Best gaming gadgets of 2022

#Best gaming gadgets of 2022

#Spooky space: Blue ring nebula reveals the secrets of binary stars

Leave a Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button
Close

Please allow ads on our site

Please consider supporting us by disabling your ad blocker!