A vulnerability has been identified in the Windows Hello for Business (WHfB) authentication system that allows attackers to bypass the biometric protection of computers and laptops. WHfB was susceptible to attacks using a method of reducing the level of security, despite the use of cryptographic keys, reports the Dark Reading portal.
Image source: Microsoft
WHfB is a feature available in commercial and enterprise editions of Windows 10 since 2016. It uses cryptographic keys stored in the computer’s Trusted Platform Module (TPM) and is activated using biometric or PIN authentication. The feature was supposed to provide a higher level of security compared to passwords or one-time passwords (OTP) sent via SMS.
The vulnerability allows hackers to lower the level of authentication security, allowing access to user accounts. An attacker can intercept and modify POST requests to the Microsoft authentication service, downgrading the WHfB security level to less secure verification levels such as passwords or OTP.
Microsoft created a patch to address the vulnerability in March, adding a new conditional access feature called Authentication strength that administrators can now enable in the Azure Portal. The new update allows you to force only phishing-resistant authentication methods to be used, leaving no room for security compromises.
Experts emphasize that the WHfB system itself remains secure, but organizations need to properly configure conditional access policies to prevent the possibility of downgrading authentication security.
A study by Cellular Insights Inc. found that Qualcomm's mobile modems perform better than Apple's…
Tesla has called on the Trump administration to exercise caution in imposing tariffs on imported…
Meta✴ will split its AI teams to better compete with OpenAI and Google, as well…
Ru Weerasuriya, co-founder of Ready at Dawn, which closed last summer, and creative director of…
To be honest, when I first saw the news about the release of the portable…
Polish studio Parasight, known for the folklore action game Blacktail about the young Baba Yaga,…