Serious Security: Hacking Windows passwords via your wallpaper
In the animation above, you can see how double-clicking a .theme file launches the Windows Settings app, automatically navigates to the Preferences > Themes section, and then opens, copies, selects and renders the new wallpaper file justatest.
As Bohops and others have pointed out, you can use a Windows UNC path instead of a website name in a Theme file, which tells Windows to use its file-based networking instead of a regular HTTP connection to retrieve the file.
UNC paths are well-known to users of Windows networking, and usually rely on Windows computer names and network share names, such as \\YOURPC\C$\Windows\System32\NOTEPAD.EXE. But you can put an internet domain name or an IP number into a Windows UNC name, and Windows will automatically trigger its built-in WebDAV client to fetch the file, instead of using its own networking protocols.
The command PROPFIND that follows is essentially the WebDAV equivalent of the Windows function pair FindFirstFile()/FindNextFile(), and shows us which file Windows wants to download. We replied to Windows and requested the use of HTTP NTLM authentication.
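A defensive check for the behaviour described above, as an added example that is not from the original article: it parses the text of a .theme file and reports every value that points at a UNC or HTTP(S) host, which is where Windows would connect and could be asked for NTLM authentication. The sample theme, the host names and the function name are constructed for illustration.

```python
import re

# UNC path (\\host\...) or http(s) URL; captures the host.
# \\?\ and \\.\ prefixes are local device paths and are not matched.
REMOTE_REF = re.compile(r'^(?:\\\\([^\\/?.][^\\/]*)[\\/]|https?://([^/\\:]+))', re.I)

# Constructed sample theme (not from the article).
SAMPLE_THEME = r"""
; constructed sample
[Theme]
DisplayName=Just A Test
BrandImage=https://img.example.test/brand.png

[Control Panel\Desktop]
Wallpaper=\\files.example.test\share\wallpaper.jpg
TileWallpaper=0

[VisualStyles]
Path=%SystemRoot%\resources\themes\Aero\Aero.msstyles
"""

def find_remote_refs(theme_text):
    """Return (section, key, host) for each value that would make Windows
    fetch a resource from another machine when the theme is applied."""
    findings, section = [], ""
    for raw in theme_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        m = REMOTE_REF.match(value.strip().strip('"'))
        if m:
            findings.append((section, key.strip(), m.group(1) or m.group(2)))
    return findings

if __name__ == "__main__":
    for section, key, host in find_remote_refs(SAMPLE_THEME):
        print(f"[{section}] {key} -> remote host {host}")
```

Run it over theme files arriving by mail or download before anyone opens them; any hit means that applying the theme makes an outbound connection to the listed host.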
Windows uses file extensions to decide how to handle files, and you should too, because the crooks love to use names like safe.