Prevent your Windows Username and Password from being stolen!

A security flaw in all versions of Windows can leak your Windows login and password information over the internet. Simply viewing an image on any website, pop-up, or e-mail may compromise your computer, your accounts, all your information, and possibly even your identity!

This flaw has been patched recently, but ONLY for users who sign in to their computer with a Microsoft Account; the patch does nothing for Local Accounts. If the button below is red, you are vulnerable to the leak. We highly recommend pushing the button (or converting to a Microsoft account and making sure your Windows is up to date).

How do Hackers Steal my Information and what can they do with it?

Edge, Internet Explorer, and Outlook are all unsafe. Even if you don't use these programs on a daily basis, some websites (like utility payments) require you to use IE. Additionally, Windows 10 is going out of its way to make Edge your default browser; clicking on a link in a program like Word may launch it!

Essentially, all an attacker has to do is create a web page, or change an existing one, so that it contains a link to an image hosted on an SMB server under their control. This image can be embedded in any website, including legitimate websites' ads, or in an e-mail. As soon as the image is viewed inside a Microsoft product such as Edge, Internet Explorer or Outlook, that software will try to connect to that server in order to download the image. In doing so, it silently sends the user's Windows login username in plain text, along with the hash of the login password, to the attacker's server. The server then cracks the hash in a matter of seconds, giving them your password.

How can Hackers use your information?

Log in to your computer remotely, giving them access to:

  • All your documents and files
  • Websites and programs with saved passwords
  • E-mails and Personal Information

Access any number of these services:

  • Microsoft OneDrive (cloud storage)
  • Microsoft Outlook (e-mail)
  • Skype account (if signed up with a Microsoft account)
  • Xbox Live network
  • Microsoft Office
  • MSN account (Instant Messaging)
  • Windows Mobile account (access to mobile phone)
  • Microsoft Bing account (access to search history)

Advanced fix for Enterprise and Corporate Users

Guidelines for blocking specific firewall ports to prevent SMB traffic from leaving the corporate environment: https://support.microsoft.com/en-us/kb/3185535

Who may want to reverse the fix?

  • Users with an Active Directory Domain
  • Users in an Enterprise or Corporate environment that rely on NTLM traffic
  • VPN Users
  • NAS Users
  • Network Shared Folder Users

Technical Details

Button 1:

Action: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\RestrictSendingNTLMTraffic is created and set to 2
Result: Windows will no longer send SMB credential traffic to ANY remote servers.

Button 2:

Action: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\RestrictSendingNTLMTraffic is deleted

Advanced Tip

"If you need to add server exceptions, you will need to follow the instructions below:
To do this, open the Windows Registry Editor by starting the C:\Windows\regedit.exe program.
Use Regedit to navigate to the following registry path HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0 as shown below.
Right click the MSV1_0 “folder” in the left-hand window and select “New”, “Multi-String Value” and give it the name “ClientAllowedNTLMServers”.
Double-clicking on this value to enter data will bring up a box where you can add text.
In this box you should add the names of each server that you wish to allow Windows SMB credential traffic to be sent to, each on their own line." - Source
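As an added example (this is not the page's button tool or any code from it), the following PowerShell script performs the same registry changes described under Technical Details (Button 1 and Button 2) and manages the ClientAllowedNTLMServers exception list from the Advanced Tip. The function names and the sample server name 'nas01.example.local' are my own placeholders; run it from an elevated PowerShell prompt.

```powershell
# Added example: inspect and apply the RestrictSendingNTLMTraffic fix and the
# ClientAllowedNTLMServers exception list. Requires an elevated prompt.
$Msv = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

function Get-NtlmOutboundState {
    # Returns the current RestrictSendingNTLMTraffic value, or $null when the
    # value does not exist (Windows default: NTLM may be sent to any server).
    $item = Get-ItemProperty -Path $Msv -Name 'RestrictSendingNTLMTraffic' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.RestrictSendingNTLMTraffic
}

function Block-NtlmOutbound {
    # "Button 1": create the DWORD and set it to 2 (deny all outgoing NTLM).
    New-ItemProperty -Path $Msv -Name 'RestrictSendingNTLMTraffic' -PropertyType DWord -Value 2 -Force | Out-Null
}

function Unblock-NtlmOutbound {
    # "Button 2": delete the value so Windows returns to its default behaviour.
    Remove-ItemProperty -Path $Msv -Name 'RestrictSendingNTLMTraffic' -ErrorAction SilentlyContinue
}

function Add-NtlmServerException {
    param([Parameter(Mandatory)][string[]]$ServerName)
    # Append server names to the REG_MULTI_SZ ClientAllowedNTLMServers list
    # (the "Advanced Tip"), creating it if missing and skipping duplicates.
    $existing = @()
    $item = Get-ItemProperty -Path $Msv -Name 'ClientAllowedNTLMServers' -ErrorAction SilentlyContinue
    if ($null -ne $item) { $existing = @($item.ClientAllowedNTLMServers) }
    $merged = @(($existing + $ServerName) | Select-Object -Unique)
    New-ItemProperty -Path $Msv -Name 'ClientAllowedNTLMServers' -PropertyType MultiString -Value $merged -Force | Out-Null
    return $merged
}

# Report the current state, much like the page's red/green button does.
switch (Get-NtlmOutboundState) {
    2       { 'Outgoing NTLM is blocked (value = 2): not vulnerable to the leak.' }
    1       { 'Audit only (value = 1): NTLM is still sent, but attempts are logged.' }
    default { 'Outgoing NTLM is allowed: vulnerable. Run Block-NtlmOutbound to fix.' }
}

# Example usage (placeholder server name; uncomment to apply):
# Block-NtlmOutbound
# Add-NtlmServerException -ServerName 'nas01.example.local'
```

Adding a server to the exception list only restores NTLM for that name; any file share or VPN host not listed will still fail to authenticate while the value is set to 2.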