Windows 10 news recap: Huawei to launch new MateBook devices, Chrome can be used to steal passwords and more
3 min. read
Published on
Share this article
Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more
Welcome back to our Windows 10 news recap. We are continuing the trend of our weekly “Windows 10 news recap” series where we go over the top stories of the past week in the world of Microsoft’s flagship operating system.
WikiLeaks releases CIA spyware, known as Athena, that targets all Windows versions from XP to 10
Continuing the trend of the US intelligence agencies treasure trove of tools and exploits being leaked, WikiLeaks has now published details, and a demo, of spyware used by the CIA, that can affect devices from Windows XP to Windows 10.
Huawei to launch new portfolio of MateBook Windows 10 devices next week
Huawei has confirmed that it will be launching new devices, and of those devices is a range of new devices in its MateBook line, running Windows 10.
It’s time to maximise your lifestyle. Join us LIVE from Berlin on 23 May 2017 at 14:00 CEST to meet our latest products… #HuaweiMateBook pic.twitter.com/iz9hfEXw7f
— Huawei Mobile (@HuaweiMobile) May 15, 2017
Hackers could use Chrome on Windows 10 to steal passwords – Google is working on a fix
While Microsoft Edge and Internet Explorer are usually the ones being called out for security flaws, this time it is Google’s Chrome web browser. A flaw discovered in Chrome can be used to steal passwords stored with the browser, with just a file:
Once downloaded, the request is triggered the very moment the download directory is opened in Windows File Explorer to view the file, delete it or work with other files (which is pretty much inevitable). There is no need to click or open the downloaded file – Windows File Explorer will automatically try to retrieve the “icon“. The remote SMB server set up by the attacker is ready to capture the victim’s username and NTLMv2 password hash for offline cracking or relay the connection to an externally available service that accepts the same kind of authentication (e.g. Microsoft Exchange) to impersonate the victim without ever knowing the password.
Currently, the attacker just needs to entice the victim (using fully updated Google Chrome and Windows) to visit his web site to be able to proceed and reuse victim’s authentication credentials. Even if the victim is not a privileged user (for example, an administrator), such vulnerability could pose a significant threat to large organisations as it enables the attacker to impersonate members of the organisation. Such an attacker could immediately reuse gained privileges to further escalate access and perform attacks on other users or gain access and control of IT resources.
Apple makes it easier to install Windows 10 Creators Update on macOS Sierra with Boot Camp
Installing and running the Windows 10 Creators Update on macOS devices running Sierra is now made easier thanks to an update by Apple that makes it easier to install via Boot Camp.
That’s the top Windows 10 news for the past week – we’ll be back next week with more.
