Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
myhack58佚名MYHACK58:62201569242
HistoryNov 21, 2015 - 12:00 a.m.

Microsoft to fix the Bitlocker Drive Encryption tool bypass vulnerability-vulnerability warning-the black bar safety net

2015-11-2100:00:00
佚名
www.myhack58.com
12
JSON

! [](/Article/UploadPic/2015-11/2 0 1 5 1 1 2 1 6 2 8 5 8 7 2. jpg? www. myhack58. com)
Microsoft recently fix for Windows Bitlocker Drive Encryption in a vulnerability, this vulnerability can be used to quickly bypass the encryption function to obtain to the victims of the encryption of important information.
Encryption vulnerabilities in software
Disk encryption tool is an important protection software, all electronic devices need to rely on them to protect user data. In which they appear before, an attacker would only need to boot Linux, and then install there user data to the disk can access the user’s encrypted files.
However, these software there are also vulnerabilities give hackers an opportunity.
In September, Google Project Zero team’s security expert James Forshaw in the Windows system is installed on the encryption software TrueCrypt found two high-risk vulnerabilities. TrueCrypt last year to switch to Microsoft’s Bitlocker. That is the two high-risk vulnerabilities is Bitlocker.
Attack method
According to Synopsys, the security experts of the company Ian Haken recently conducted studies show that the BitLocker security feature can be bypassed, and the process is also not complicated.
! [](/Article/UploadPic/2015-11/2 0 1 5 1 1 2 1 6 2 8 6 3 7 5. jpg? www. myhack58. com)
Haken in his report explained that if the personal computer is already joined to a domain or an authorized domain before the user login through the computer, then the hacker can through the user who use password to set a simulation domain controller to attack.
The lower figure is based on Debian Linux using Samba’s operation, assume that the target device is connected to the MISKATONIC domain and the user account name is ihaken it.
! [](/Article/UploadPic/2015-11/2 0 1 5 1 1 2 1 6 2 8 6 7 4 1. png? www. myhack58. com)
To perform this attack, the attacker can be from the network traffic to obtain to the domain name and username,and then connect the target device to the domain controller authentication over the network.
After that, hackers can use the domain before the user on the device using the password“password! 2 3”to login. Since the password is expired the password, the computer will allow a hacker to set a new password. As long as the finally disable the computer network connection, use the new password to log in.
“Once logged on, a hacker can access to all the user’s data, such as e-mail, intellectual property, saved passwords, cached credentials, etc. If the user is a local Administrator, the hacker may also from the kernel memory to obtain the BitLocker key.”
Microsoft’s latest fix
Microsoft just fixed the vulnerability in the latest security update included the vulnerability patch, and in the MS15-1 2 2 in the security Bulletin reported.

JSON