Legacy Microsoft Account bug could cause issues for Windows 10 users

windows 10 insider preview 14955 outlook mail calendar narrator upgrade
Bill Roberson/Digital Trends
On the surface, Windows 10 looks almost nothing like its predecessor, Windows 95. However, there’s now word that the current version of Microsoft’s flagship OS might still possess a potentially ruinous security issue that’s more than a decade old.

Windows 8 and Windows 10 users could run afoul of this legacy bug as they enter their Microsoft Account credentials, according to a report from WinBeta. The issue is that services including Microsoft Edge, Internet Explorer, and Outlook allow connections to local network shares — but default settings don’t prevent connections to remote shares.

This could be exploited through the creation of a website or a scam email that uses content loaded from a network share. Microsoft’s web browsers and email clients would try load the network share resource, and in doing so, send the active user’s login credentials to that network share.

The report detailing this issue states that in this eventuality, usernames would be submitted in plain text, while the password would be hashed using the NTLMv2 protocol.

This problem was never such a threat in earlier versions of Windows, because users would log into their system with a local username and password. However, since Windows 8 and Windows 10 users log in with their Microsoft Account, there’s far more potential for this gap in security to be exploited.

The research team responsible for these findings recommends that users either adopt third-party services in place of their Microsoft equivalents for the time being, or use a “host-based hardening” technique detailed in their report.

However, it seems likely that Microsoft will deliver a fix as soon as possible, now that the issue has been detailed in this manner. The company just launched its much-hyped Windows 10 Anniversary Update on August 2, so now would be a good time to demonstrate an efficient response to security concerns such as this.

Social Media

A Facebook, Instagram bug exposed millions of passwords to its employees

Facebook, Facebook Lite, and Instagram passwords weren't properly encrypted and could be viewed by employees, the company said Thursday. The network estimates millions of users were affected.
Computing

Secure your Excel documents with a password by following these quick steps

Excel documents are used by people and businesses all over the world. Given how often they contain sensitive information, it makes sense to keep them from the wrong eyes. Thankfully, it's easy to secure them with a password.
Computing

Don’t be fooled! Study exposes most popular phishing email subject lines

Phishing emails are on the rise and a new study out by the cybersecurity company Barracuda has exposed some of the most common phishing email subject lines used to exploit businesses. 
Computing

Sending SMS messages from your PC is easier than you might think

Texting is a fact of life, but what to do when you're in the middle of something on your laptop or just don't have your phone handy? Here's how to send a text message from a computer, whether you prefer to use an email client or Windows 10.
Computing

G-Sync and FreeSync can make your games look better, but which is best?

There are some subtle differences between the two adaptive refresh technology offerings, and they affect cost, performance, and compatibility. Nvidia may have released it's feature first, but in recent years AMD has stepped up to the plate…
Computing

Problems with installing or updating Windows 10? Here's how to fix them

Upgrading to the newest version of Windows 10 is usually a breeze, but sometimes you run into issues. Never fear though. Our guide will help you isolate the issue at hand and solve it in a timely manner.
Product Review

Acer Predator Triton 500 review

Nvidia’s new RTX 2080 Max-Q is the fastest GPU you’ll find in any laptop, but it usually comes at a steep price. Acer’s Predator Triton 500, starting at $2,500, makes it a little more affordable. But what must you sacrifice in the…
Computing

Delete tracking cookies from your system by following these quick steps

Cookies are useful when it comes to saving your login credentials and other data, but they can also be used by advertisers to track your browsing habits across multiple sites. Here's how to clear cookies in the major browsers.
Computing

Get the Surface Pro 6, with keyboard included, for $1,000 at Microsoft

Thinking of buying a Surface Pro 6? Microsoft is currently running a deal on its latest Windows 2-in-1, letting you bring one home for $1,000 with the keyboard included in the price.
Computing

T-Mobile goes after big cable companies, pilots wireless home internet service

In a shot at big cable companies, T-Mobile is launching a new pilot program to bring an unlimited wireless LTE home internet service to up to 50,000 homes across the United States by the end of 2019.
Mobile

Type away on the best iPad keyboard cases, from the Mini to the Pro

Whether you're looking to replace your laptop with a tablet or merely want to increase your typing speed, a physical iPad keyboard is the perfect companion to the iPad. Check out our top picks for every available iPad model.
Computing

Tablet or notebook? Our favorite 2-in-1 PCs give you the best of both worlds

If you can’t decide if you need a tablet or a notebook, then don’t bother. The best 2-in-1 laptops are both, and they can provide all the power you need. Check out our list for the best 2-in-1s for any user.
Computing

How the Google Stadia could lead to a new era of multi-GPU gaming

Google's Stadia could use more than one graphics card to deliver the high-performance visuals it's promised. If that leads to better developer support for multi-GPUs, could that mean gaming with two or more graphics cards could finally be…
Computing

Intel gives a peek at what its Arctic Sound GPU could look like

A new set of concept images shown at GDC 2019 is providing a peek at what Intel's upcoming modern discrete GPU, code-named. Arctic Sound, could end up looking like when released in 2020.