Usually, about now we’d simply be wrapping up Windows and Office updates. But this month we must also ensure we’re not losing our Microsoft sign-in credentials.
And for those who have installed Win10 Anniversary Update, there’s a slew of fixes for a host of issues.
Resolving an unpatched MS-credentials leak
Before wrapping up August, we need to focus on a problem Microsoft apparently isn’t patching.
As detailed in an excellent Bleeping Computer article, your Microsoft username and password could be leaked to attackers if your computer doesn’t have the proper firewall between you and the Internet. It seems that Microsoft has decided there’s no real threat, but I think any weakness that might give hackers your sign-in credentials is a really big deal.
The Bleeping Computer article lists two sites for testing whether you’re vulnerable: msleak.perfect-privacy.com and witch.valdikss.org.ru (a Russian VPN service). NOTE: If you run the tests, be prepared to change your Microsoft-account credentials immediately.
The tests showed that my home systems weren’t vulnerable. But that’s because I have a hardware-based firewall that prevents Microsoft NT LAN Manager (NTLM) passwords from being transferred across the Net in clear text.
If the tests show that you’re vulnerable, I strongly recommend blocking outgoing NTLM traffic with the RestrictSendingNTLMTraffic setting, using the following steps. (You can even make the necessary Registry changes on Windows Home editions.)
- Open regedit and expand HKEY_LOCAL_MACHINE.
- Expand SYSTEM\CurrentControlSet\Control\Lsa.
- Under Lsa, right-click MSV1_0, select New, and then DWORD (32-bit) Value.
- For the DWORD label, enter RestrictSendingNTLMTraffic and press Enter.
- Double-click the new entry and enter 2 (which stands for “deny all”) into the Value data field.
- Close the editor and reboot your system. Sign in with your new password and run the leak tests once more.
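The same Registry change as a PowerShell script, for anyone who prefers not to click through regedit. This is an added example, not part of the original article; it assumes an elevated PowerShell prompt, and the meanings shown for values 0 and 1 come from Microsoft's definition of the setting rather than from the steps above.

```powershell
#Requires -RunAsAdministrator
# Added example: script form of the manual regedit steps above.
[CmdletBinding(SupportsShouldProcess)]
param(
    # 2 = deny all (the value used in the steps above); 0 = allow all, 1 = audit all
    [ValidateRange(0, 2)]
    [int]$Value = 2
)

$key     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$name    = 'RestrictSendingNTLMTraffic'
$meaning = @{ 0 = 'allow all'; 1 = 'audit all'; 2 = 'deny all' }

# Returns the current DWORD value, or $null if the value has never been created.
function Get-NtlmOutboundSetting {
    $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return [int]$prop.$name
}

# Report the state before touching anything.
$before = Get-NtlmOutboundSetting
if ($null -eq $before) {
    "Current: not set (outgoing NTLM is allowed by default)"
} else {
    "Current: $before ($($meaning[$before]))"
}

# Write only when a change is needed; -WhatIf previews without writing.
if ($before -ne $Value -and $PSCmdlet.ShouldProcess("$key\$name", "Set DWORD to $Value")) {
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $Value -Force | Out-Null

    # Read the value back so a failed write is not mistaken for success.
    $after = Get-NtlmOutboundSetting
    if ($after -ne $Value) { throw "Write failed: value reads back as $after" }
    "Now: $after ($($meaning[$after])). Reboot, then run the leak tests again."
}
```

Deny all also applies to NTLM sign-ins on your own network, so shared folders on a NAS or another PC that depend on NTLM may stop working after the reboot. Running the script with `-WhatIf` shows the change without making it.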