Microsoft Researchers Reveal Remote Encryption-Bypassing ‘Evil Butler’ Exploit

A security researcher demonstrated a way to bypass the full disk encryption in Windows BitLocker last November — but that attack required physical access. Inserting the PC into a network with a counterfeit domain controller with incorrect time settings “allowed the attacker to poison the credentials cache and set a new password on the targeted device.”

An anonymous Slashdot reader writes:

Microsoft fixed this vulnerability, and then fixed it again when two researchers pointed out in February 2016 that the fix was incomplete. At this year’s Black Hat security conference, two Microsoft researchers have discovered a way to carry out the Evil Maid attack from a remote location, even over the Internet.

The two researchers say that an attacker can compromise a PC, configure it to work as a rogue domain controller, and then use Remote Desktop Protocol to access computers (that have open RDP connections) on the same network and carry out the attack from a distance. This particular attack, nicknamed a Remote Evil Butler, can be extremely attractive and valuable for cyber-espionage groups.

The article points out that Microsoft’s February fix prevents this exploit, adding, “The reason the two Microsoft researchers disclosed this variation of the original attack is to make companies understand the need to keep their systems up to date at all times.”


Read more of this story at Slashdot.
