On Tuesday, Microsoft identified two major vulnerabilities in the Windows operating system, in addition to other Microsoft products and non-critical updates. One vulnerability in particular exploits common system components for every major release of Windows since 95 and through Windows 10 (still in development) which can be used to retrieve Windows login credentials (username and password). These credentials can then be cracked in less than a day using moderate resources by an attacker. As of right now, there has been no patch for this vulnerability, identified as “Redirect to SMB.” To mitigate the risk posed by this vulnerability, TSS recommends following safe browsing and computing procedures. Do not click on links in unsolicited emails, and note the path of any link you click on while browsing the Internet. The vulnerability will exploit links that begin with “file://”.
For more on this vulnerability, you can read here: www.computing.co.uk/ctg/news/2403924/windows-redirect-to-smb-exploit-could-affect-millions-say-security-researchers
As a reminder, Microsoft no longer supports versions of Windows older than Vista (i.e., Windows 95, 98, 2000, ME, and XP). If you are still using a version of Windows that is unsupported by Microsoft, these vulnerabilities, as well as any newly discovered ones going forward will remain unpatched. NYU TSS strongly recommends that you upgrade your operating system immediately by purchasing a new version of Windows or a new computer.