Security Loophole in Windows 10 Theme Settings

Security researcher Jimmy Bayne recently posted on Twitter about a severe loophole in the Windows 10 Themes settings. According to him, this gap can be used to create a theme that carries out a Pass-the-Hash attack. The freedom to install themes from other sources gives attackers the opportunity to create malicious themes. The cyber criminals may prompt the user to enter their login credentials before downloading the themes. Most users are not aware of the various facets of malware, cyber crime and hacking, so they are likely to fall into these traps.

With Windows 10, users can easily share themes from the Settings app. Open the Settings app, go to Personalization, and select Themes. Next, click on “Save theme for sharing”. This generates a ‘.deskthemepack’ file, which can be shared via email. Users can download these themes and install them on their own computers. Any cybercriminal can dupe this file and create a .theme file in such a way that installing the theme will require authentication. When the user tries to log in using their login credentials, an NTLM hash is sent to the user for authentication. In this way, the data will be stolen. It is important to mention here that simple and weak passwords are more easily cracked with the help of de-hashing software.

According to security researcher Bayne, this issue can be resolved if extensions like .theme, .desktopthemepackfile or .themepack are blocked. The issue has been reported to the Microsoft Security Response Center (MSRC), but it has not been dealt with so far. This is a feature by design in Windows 10, so it is not known whether Microsoft will remove the feature or change the structure of the files.
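
One way to apply the extension blocking described above to themes shared via email, as an added example that is not from Bayne or Microsoft. The function names and the sample message are constructed for illustration; the extension list comes from this article.

```python
import email
from email import policy

# Extensions named in the article: the three Bayne suggests blocking, plus the
# .deskthemepack file produced by "Save theme for sharing".
BLOCKED_EXTENSIONS = (".theme", ".themepack", ".desktopthemepackfile", ".deskthemepack")


def is_blocked_name(filename):
    """Return True if an attachment name ends in one of the theme extensions."""
    # Windows drops trailing dots and spaces from file names, so "x.theme. "
    # is still saved as a theme; normalise before the case-insensitive compare.
    name = filename.rstrip(". ").lower()
    return name.endswith(BLOCKED_EXTENSIONS)


def blocked_attachments(raw_message):
    """Return the names of theme-file attachments in a raw e-mail message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        filename = part.get_filename()  # None for parts without a file name
        if filename and is_blocked_name(filename):
            hits.append(filename)
    return hits


# Constructed sample message (not real traffic): one theme attachment with an
# upper-case extension and one harmless PDF whose name merely contains "theme".
SAMPLE = b"""From: sender@example.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Holiday.THEME"

[Theme]
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="theme-notes.pdf"

%PDF
--b1--
"""
```

The check looks only at attachment names, so a theme file packed inside an archive such as a .zip is not flagged.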

