9 Sep
2020
9 Sep
'20
1:47 p.m.
On Wed, 9 Sep 2020 13:08:24 +1200, Peter Reutemann quoted:
'Specially crafted Windows 10 themes and theme packs can be used in 'Pass-the-Hash' attacks to steal Windows account credentials from unsuspecting users.'
From the original article <https://www.bleepingcomputer.com/news/microsoft/windows-10-themes-can-be-abused-to-steal-windows-passwords/>:
Bayne stated that he disclosed this attack to Microsoft earlier this year, but was told it would not be fixed as it is a "feature by design." Unfortunately, all of the workarounds suggested there come with their own problems.