Skip to main content

Legacy Microsoft Account bug could cause issues for Windows 10 users

windows 10 insider preview 14955 outlook mail calendar narrator upgrade
Bill Roberson/Digital Trends
On the surface, Windows 10 looks almost nothing like its predecessor, Windows 95. However, there’s now word that the current version of Microsoft’s flagship OS might still possess a potentially ruinous security issue that’s more than a decade old.

Windows 8 and Windows 10 users could run afoul of this legacy bug as they enter their Microsoft Account credentials, according to a report from WinBeta. The issue is that services including Microsoft Edge, Internet Explorer, and Outlook allow connections to local network shares — but default settings don’t prevent connections to remote shares.

Recommended Videos

This could be exploited through the creation of a website or a scam email that uses content loaded from a network share. Microsoft’s web browsers and email clients would try load the network share resource, and in doing so, send the active user’s login credentials to that network share.

Please enable Javascript to view this content

The report detailing this issue states that in this eventuality, usernames would be submitted in plain text, while the password would be hashed using the NTLMv2 protocol.

This problem was never such a threat in earlier versions of Windows, because users would log into their system with a local username and password. However, since Windows 8 and Windows 10 users log in with their Microsoft Account, there’s far more potential for this gap in security to be exploited.

The research team responsible for these findings recommends that users either adopt third-party services in place of their Microsoft equivalents for the time being, or use a “host-based hardening” technique detailed in their report.

However, it seems likely that Microsoft will deliver a fix as soon as possible, now that the issue has been detailed in this manner. The company just launched its much-hyped Windows 10 Anniversary Update on August 2, so now would be a good time to demonstrate an efficient response to security concerns such as this.

Brad Jones
Former Digital Trends Contributor
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…
Is Windows 11 acting up for you? This might be why
The Surface Pro 11 on a white table in front of a window.

This year's big Windows 11 update, 24H2, started a phased rollout in October and just became available to more PCs yesterday, December 4, as spotted by Windows Latest. To check if your PC is ready for it, just head to the settings page and check for updates -- if an update is not there for download yet, you'll have to wait until later in the rollout process.

Getting new things first isn't always a good thing when it comes to software, however. It can take quite a while for a new Windows build to be announced as "stable," and 24H2 is far from earning that title at the moment.

Read more
Microsoft won’t back down on Windows 11’s biggest hurdle
The Surface Pro 11 on a white table in front of a window.

Microsoft has reaffirmed that it will not lower the minimum hardware requirements for Windows 11, solidifying the need for a Trusted Platform Module (TPM) 2.0 and a compatible CPU. This decision leaves many older PCs ineligible for the upgrade. Microsoft emphasizes that these standards are vital for improved security and performance.

As per a recent blog post titled “TPM 2.0 – a necessity for a secure and future-proof Windows 11,” Microsoft reaffirmed its decision not to relax Windows 11’s strict hardware requirements. TPM 2.0 is a hardware-based security feature that protects sensitive data and ensures secure boot processes. Microsoft argues that such measures are nonnegotiable as the company continues to address rising cybersecurity threats. The minimum requirements include a list of approved CPUs, starting from AMD Ryzen 2000 and Intel 8th Gen processors, that offer advanced security features and better performance efficiency.

Read more
Windows 11 remains the driver of growth in PCs, not AI
The Surface Laptop shown in front of a Copilot+ sign.

There's been a lot of talk about AI PCs this year, but has it actually delivered on its promise? A new analysis from TrendForce says the significant boost in laptop sales in 2024 has more to do with Windows 11 updates than it does with fancy new AI features.

"The impact of AI-integrated notebooks on the overall market remains limited for now," the report states. "However, AI features are expected to naturally integrate into notebook specifications as brands gradually incorporate them, resulting in a steady rise in the penetration rates of AI notebooks."

Read more