A vulnerability has been identified in the Windows Hello for Business (WHfB) authentication system that allows attackers to bypass the biometric protection of computers and laptops. WHfB was susceptible to attacks using a method of reducing the level of security, despite the use of cryptographic keys, reports the Dark Reading portal.
WHfB is a feature available in commercial and enterprise editions of Windows 10 since 2016. It uses cryptographic keys stored in the computer’s Trusted Platform Module (TPM) and is activated using biometric or PIN authentication. The feature was supposed to provide a higher level of security compared to passwords or one-time passwords (OTP) sent via SMS.
The vulnerability allows hackers to lower the level of authentication security, allowing access to user accounts. An attacker can intercept and modify POST requests to the Microsoft authentication service, downgrading the WHfB security level to less secure verification levels such as passwords or OTP.
Microsoft created a patch to address the vulnerability in March, adding a new conditional access feature called Authentication strength that administrators can now enable in the Azure Portal. The new update allows you to force only phishing-resistant authentication methods to be used, leaving no room for security compromises.
Experts emphasize that the WHfB system itself remains secure, but organizations need to properly configure conditional access policies to prevent the possibility of downgrading authentication security.
Alibaba Cloud presented at its annual Apsara conference a modular data center architecture called “CUBE…
The original Resident Evil 3: Nemesis turned 25 years old yesterday, and the digital distribution…
The United States and India have reached an agreement under which a new semiconductor manufacturing…
For more than 25 years since the release of the original Half-Life, players have tried…
Image Source: Mediatonic Among the available formats are team deathmatch, every man for himself, and…
Seasonic has released the PRIME PX-2200 2200 W power supply. The new product was first…