“We do not agree with original claims,” the company says

Apr 14, 2015 13:18 GMT

Today, security company Cylance revealed a security flaw affecting all Windows versions, confirming that pretty much every single edition of the desktop operating system is affected by a vulnerability that could expose usernames and passwords on a PC.

In a statement provided by Microsoft and attributed to a company spokesperson, Redmond confirms the flaw but says that it's not necessarily a new kind of attack. Rather, it's mostly an old technique that involves users and lures them into clicking malicious links.

Indeed, Cylance said in its original report that users would have to click a malicious link sent by the attacker in order to have their computers exploited, but it explained that usernames and passwords would be stolen after authentication is performed in the background without any other prompt displayed to users.

Microsoft, on the other hand, says that users are at the core of this exploit and explains that, without their input, no such attack would be possible. The software giant, however, hasn't provided any information on a possible patch to address the flaw, though a fix is expected to be released next month as part of the Patch Tuesday rollout.

“We don't agree with Cylance's claims of a new attack type. Cybercriminals continue to be engaged in a number of nefarious tactics. However, several factors would need to come together for this type of cyberattack to work, such as success in luring a person to enter information into a fake website. We encourage people to avoid opening links in emails from senders that they don't recognize or visiting unsecure sites,” a company spokesperson said.

How to block exploits

While there are some other more advanced techniques to block the flaw, Microsoft provides some basic recommendations to those who'd like to make sure that no exploit is possible until a patch arrives.

As we told you earlier today, it's recommended to avoid clicking on suspicious links coming from unknown sources, and Microsoft says that this is pretty much the most effective way to avoid getting hacked. Even with up-to-date antivirus software, visiting malicious links could still get you exploited, so just don't click on anything that seems suspicious.

This month's Patch Tuesday updates will ship later today, but a fix for this issue is unlikely to be provided, so expect one in May.