A new threat has been discovered for users of the Windows operating system. It turns out that custom themes can be used to steal credentials.
The vulnerability was discovered by security specialist Jimmy Bayne. The loophole lies in the Windows 10 theme settings and allows attackers to obtain user credentials by creating a special theme for use in an attack called Pass-the-hash (a type of replay attack).
Simply put, when users install customized themes from unverified sources, they open a loophole for attackers to access their computer. When a file with such a theme is opened, the user is redirected to a special page where they are asked to enter their credentials.
The OS allows users to share themes with others through a settings interface. This creates a .deskthemepack file that can be sent, for example, by email. Attackers can also create a .theme file that redirects the user to a site that requires them to authenticate. Passwords that are not too complex are then cracked using special software.
As a precaution, the specialist suggests blocking files with extensions like .theme, .themepack and .desktopthemepackfile. He noted that Microsoft has already been notified of the problem, but has not yet fixed it.
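The precaution above can be sketched as a filter for a mail or download gateway. This is an added example, not code from the researcher or from Microsoft. It assumes a .theme file is INI-style text, and the function names, the sample theme and its `[Example]` section are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Extensions the article recommends blocking (spelled as on the page),
# plus .deskthemepack, the shared-theme format it mentions.
BLOCKED_EXTENSIONS = {".theme", ".themepack", ".desktopthemepackfile", ".deskthemepack"}

# A value that points off the machine: http(s) URL or UNC path (\\host\share).
REMOTE_VALUE = re.compile(r"^\s*(https?://|\\\\[^\\\s]+\\)", re.IGNORECASE)

# Constructed sample: a theme whose setting points at a remote resource.
SAMPLE_THEME = b"[Theme]\r\nDisplayName=Holiday\r\n[Example]\r\nResource=https://files.example.invalid/bg.jpg\r\n"


def is_blocked_extension(filename):
    # PureWindowsPath accepts both "\" and "/" separators.
    return PureWindowsPath(filename).suffix.lower() in BLOCKED_EXTENSIONS


def decode_theme(content):
    # Theme files may be UTF-16 with a BOM; otherwise treat as UTF-8 (BOM stripped).
    if content[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return content.decode("utf-16", errors="replace")
    return content.decode("utf-8-sig", errors="replace")


def remote_references(theme_text):
    """Return (section, key, value) for every setting whose value is remote."""
    findings, section = [], ""
    for raw in theme_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if sep and REMOTE_VALUE.match(value):
            findings.append((section, key.strip(), value.strip()))
    return findings


def triage(filename, content):
    """Decide what the filter does with one file: allow, block, or quarantine."""
    if not is_blocked_extension(filename):
        return "allow", []
    # Packed themes are binary archives; they yield no text hits and are just blocked.
    hits = remote_references(decode_theme(content))
    return ("quarantine-remote-reference" if hits else "block-extension"), hits
```

Files that end up in the quarantine verdict are the ones worth hunting for in mail logs, since they carry a reference that would make the machine contact an outside host.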