Monday, June 2, 2025
Phonemantra
No Result
View All Result
  • Home
  • Mobiles
  • Tech News
  • Cars
  • Entertainment
  • USA News
  • Health
  • Cameras
  • Gaming
No Result
View All Result
  • Home
  • Mobiles
  • Tech News
  • Cars
  • Entertainment
  • USA News
  • Health
  • Cameras
  • Gaming
No Result
View All Result
Phonemantra
No Result
View All Result
Home Windows

Windows 10 custom themes can be used to steal credentials

Windows 10 custom themes can be used to steal credentials

Security researcher Jimmy Bayne has discovered a loophole in Windows 10 theme settings that could be used by attackers to steal OS credentials. To do this, you need to create a specially configured theme that will allow a Pass-the-hash attack.

Windows10 bugs
Windows10 bugs

The Windows operating system allows you to create your own skins and share them through the settings interface. When the user saves a theme, a file with the extension “.theme” is created. If he decides to share his theme with someone, then it will be packed into a file with the “.deskthemepack” extension, which can be sent by email or in some other way.

Similarly, attackers can create “.theme” files that, when opened, will redirect users to a website that requires authentication. When users enter their information, an NTLM hash is sent to the site. User credentials can be extracted from it using special software.

One way to protect against such attacks is to find and block files with the extensions “.theme”, “.themepack” and “.desktopthemepackfile”. You can also use Group Policy to restrict the sending of hashed NTLM credentials to remote hosts.

The researcher notes that he reported the problem to Microsoft, but the developers still have not fixed it. Microsoft representatives have not yet commented on this issue.

  • 0Facebook
  • 0WhatsApp
  • 0Twitter
  • 0Pinterest
  • 0Reddit
  • 0Telegram
  • 0Skype
  • 0Facebook Messenger
  • Copy Link
  • 0Print
  •  shares

Related Posts

Xiaomi 15 Ultra: Expected Launch, Features, and Innovations for Early 2025
Tech News

Xiaomi 15 Ultra: Expected Launch, Features, and Innovations for Early 2025

December 3, 2024
Xiaomi 15
Mobiles

Xiaomi 15: A Flagship Powerhouse Ready

November 23, 2024
How to Access Your Android Phone
Tech News

How to Access Your Android Phone Through Windows 11

July 30, 2024 - Updated on July 31, 2024
Xiaomi HyperOS
Mobiles

Xiaomi Unveils HyperOS Rollout Plan for India

March 1, 2024
Xiaomi 14 Ultra
Mobiles

Xiaomi 14 Ultra Unveiling in China on February 22: A Sneak Peek into the Anticipated Launch

February 19, 2024
Xiaomi 14 Ultra
Mobiles

Xiaomi 14 Ultra: Leaks Hint at Leatherette, Glass, and Titanium Variants

February 14, 2024

Recommended Stories

Volkswagen Virtus Surpasses

Volkswagen Virtus Surpasses 50,000 Sales

October 22, 2024
George Stephanopoulos

George Stephanopoulos Apologizes for Comment on Joe Biden’s Second Term White House Chances

July 10, 2024

Sonos and IKEA develop new smart speakers for Symfonisk line

April 7, 2021 - Updated on December 8, 2022

Ads

Popular Stories

  • Coping with Diabetes During the Summer Heat

    Coping with Diabetes During the Summer Heat

    0 shares
    Share 0 Tweet 0
  • Food Allergies

    0 shares
    Share 0 Tweet 0
  • Why Colon Health Should Be a Top Priority

    0 shares
    Share 0 Tweet 0
  • The Importance of Speaking Up About Healthcare Decisions

    0 shares
    Share 0 Tweet 0
  • The Truth About Dieting

    0 shares
    Share 0 Tweet 0
Phonemantra

© 2025 Phonemantra

Navigate Site

  • Our Team
  • Sitemap
  • Legal Disclaimer
  • Privacy Policy
  • Contact Us

Follow Us

No Result
View All Result
  • Home
  • Mobiles
  • Tech News
  • Cars
  • Entertainment
  • USA News
  • Health
  • Cameras
  • Gaming

© 2025 Phonemantra