Press Release

Cylance SPEAR Team Discovers Vulnerability Impacting All Versions of Windows, Including Windows 10 Preview

Press + Media Contact
Cylance PR Team
Cylance Inc.

Loophole Allows Attacker to Gain Access to Login Credentials; Popular Apps From Adobe, Apple, Box and Microsoft Also Impacted

Irvine, CA -- (Apr 13, 2015)  – Cylance, the first predictive cyber threat security company that combines the power of math and machine learning to stop malware, revealed on Monday that its SPEAR security research team discovered a vulnerability in all versions of Microsoft's Windows operating systems. The vulnerability can be exploited to steal sensitive login credentials in stealthy attacks.

In research led by SPEAR team member Brian Wallace, Cylance identified 31 software packages that can be abused to leak login credentials using this vulnerability, which is dubbed Redirect to SMB. They include some of the world's most popular applications: Adobe Reader; Apple QuickTime and Apple Software Update for iTunes; Box's Sync client; Symantec's Norton Security Scan; and Microsoft's Internet Explorer 11, Excel 2010 and Windows Media Player.

The vulnerability is an extension of one discovered by Aaron Spangler in 1997, which is still not defended against by default. Redirect to SMB works by tricking applications into allowing the Windows operating systems to authenticate with a hacker-controlled server, enabling an attacker to take a victim's login credentials, including encrypted passwords.

Cylance has worked closely with CERT at Carnegie Mellon University to coordinate disclosure of this vulnerability.

For more information about this vulnerability and to learn about future discoveries, please visit the Cylance Blog.

About Cylance® Inc.

Cylance is the only company to offer a preventive cybersecurity solution that stops advanced threats and malware at the most vulnerable point: the endpoint. Applying a revolutionary artificial intelligence approach, the Cylance endpoint security solution, CylancePROTECT®, analyzes the DNA of code prior to its execution on the endpoint to find and prevent threats others can’t, while using a fraction of the system resources associated with endpoint antivirus and detect and respond solutions that are deployed in enterprises today. For more information visit:

Cylance and CylancePROTECT are registered trademarks or trademarks owned by Cylance Inc. in the United States and other jurisdictions and may not be used without prior written permission. All other trademarks are the property of their respective owners.

We use cookies to provide you a relevant user experience, analyze our traffic, and provide social media features. Read More