Tuesday, June 24, 2025
Phonemantra
No Result
View All Result
  • Home
  • Mobiles
  • Tech News
  • Cars
  • Entertainment
  • USA News
  • Health
  • Cameras
  • Gaming
No Result
View All Result
  • Home
  • Mobiles
  • Tech News
  • Cars
  • Entertainment
  • USA News
  • Health
  • Cameras
  • Gaming
No Result
View All Result
Phonemantra
No Result
View All Result
Home Windows

Windows 10 custom themes can be used to steal credentials

Windows 10 custom themes can be used to steal credentials

Security researcher Jimmy Bayne has discovered a loophole in Windows 10 theme settings that could be used by attackers to steal OS credentials. To do this, you need to create a specially configured theme that will allow a Pass-the-hash attack.

Windows10 bugs
Windows10 bugs

The Windows operating system allows you to create your own skins and share them through the settings interface. When the user saves a theme, a file with the extension “.theme” is created. If he decides to share his theme with someone, then it will be packed into a file with the “.deskthemepack” extension, which can be sent by email or in some other way.

Similarly, attackers can create “.theme” files that, when opened, will redirect users to a website that requires authentication. When users enter their information, an NTLM hash is sent to the site. User credentials can be extracted from it using special software.

One way to protect against such attacks is to find and block files with the extensions “.theme”, “.themepack” and “.desktopthemepackfile”. You can also use Group Policy to restrict the sending of hashed NTLM credentials to remote hosts.

The researcher notes that he reported the problem to Microsoft, but the developers still have not fixed it. Microsoft representatives have not yet commented on this issue.

  • 0Facebook
  • 0WhatsApp
  • 0Twitter
  • 0Pinterest
  • 0Reddit
  • 0Telegram
  • 0Facebook Messenger
  • Copy Link
  • 0Print
  •  shares

Related Posts

Xiaomi 15 Ultra: Expected Launch, Features, and Innovations for Early 2025
Tech News

Xiaomi 15 Ultra: Expected Launch, Features, and Innovations for Early 2025

December 3, 2024
Xiaomi 15
Mobiles

Xiaomi 15: A Flagship Powerhouse Ready

November 23, 2024
How to Access Your Android Phone
Tech News

How to Access Your Android Phone Through Windows 11

July 30, 2024 - Updated on July 31, 2024
Xiaomi HyperOS
Mobiles

Xiaomi Unveils HyperOS Rollout Plan for India

March 1, 2024
Xiaomi 14 Ultra
Mobiles

Xiaomi 14 Ultra Unveiling in China on February 22: A Sneak Peek into the Anticipated Launch

February 19, 2024
Xiaomi 14 Ultra
Mobiles

Xiaomi 14 Ultra: Leaks Hint at Leatherette, Glass, and Titanium Variants

February 14, 2024

Recommended Stories

Radeon RX 7800 XT

Reference Radeon RX 7800 XT decided to release only Sapphire

September 5, 2023

“Something special and crazy”: the developer of the new God of War dubbed it the best game of 2021 in absentia

November 4, 2020 - Updated on December 8, 2022
Balatro Gets Streamlined

Balatro Gets Streamlined: Update Aims to Improve Accessibility Without Sacrificing Depth

May 2, 2024

Ads

Popular Stories

  • Summer Stroke Risks

    Summer Stroke Risks

    0 shares
    Share 0 Tweet 0
  • Men’s Preventive Health Matters

    0 shares
    Share 0 Tweet 0
  • Stroke Prevention and Treatment

    0 shares
    Share 0 Tweet 0
  • The ABCDEs of Skin Cancer

    0 shares
    Share 0 Tweet 0
  • Coping with Diabetes During the Summer Heat

    0 shares
    Share 0 Tweet 0
Phonemantra

© 2025 Phonemantra

Navigate Site

  • Our Team
  • Sitemap
  • Legal Disclaimer
  • Privacy Policy
  • Contact Us

Follow Us

No Result
View All Result
  • Home
  • Mobiles
  • Tech News
  • Cars
  • Entertainment
  • USA News
  • Health
  • Cameras
  • Gaming

© 2025 Phonemantra