Skip to main content

Legacy Microsoft Account bug could cause issues for Windows 10 users

On the surface, Windows 10 looks almost nothing like its predecessor, Windows 95. However, there’s now word that the current version of Microsoft’s flagship OS might still possess a potentially ruinous security issue that’s more than a decade old.

Windows 8 and Windows 10 users could run afoul of this legacy bug as they enter their Microsoft Account credentials, according to a report from WinBeta. The issue is that services including Microsoft Edge, Internet Explorer, and Outlook allow connections to local network shares — but default settings don’t prevent connections to remote shares.

Recommended Videos

This could be exploited through the creation of a website or a scam email that uses content loaded from a network share. Microsoft’s web browsers and email clients would try load the network share resource, and in doing so, send the active user’s login credentials to that network share.

The report detailing this issue states that in this eventuality, usernames would be submitted in plain text, while the password would be hashed using the NTLMv2 protocol.

This problem was never such a threat in earlier versions of Windows, because users would log into their system with a local username and password. However, since Windows 8 and Windows 10 users log in with their Microsoft Account, there’s far more potential for this gap in security to be exploited.

The research team responsible for these findings recommends that users either adopt third-party services in place of their Microsoft equivalents for the time being, or use a “host-based hardening” technique detailed in their report.

However, it seems likely that Microsoft will deliver a fix as soon as possible, now that the issue has been detailed in this manner. The company just launched its much-hyped Windows 10 Anniversary Update on August 2, so now would be a good time to demonstrate an efficient response to security concerns such as this.

Brad Jones
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…
Copilot is Microsoft’s cue to redeem Windows and edge past macOS
The new Surface Laptop 13 on a white table.

There is always going to be a big divide between macOS and Windows. Much of it has to do with the functional disparities that are deeply ingrained at an OS-level. Or if you dive into the heated community debates, you will see it broadly as a battle between seamlessness and flexibility. 

Gaming remains the guiding star for Windows adherents. A handful of highly specialized niche industry tools also remain locked to the Microsoft platform. On the other hand, macOS fans swear by the fluid software, plenty of firepower options in the M-series silicon era, and fantastic hardware. 

Read more
Windows 11’s controversial AI Recall feature is coming to your Copilot+ PC very soon
The Surface Pro 11 on a white table in front of a window.

As AI strides on, it inevitably finds its way onto our personal devices, with tech giants announcing new features that rely on accessing our private information and media to serve us better. While some might find this useful, others are bound to find it creepy, and one such feature is Microsoft's controversial AI Recall, which takes screenshots of everything you do on a Copilot+ PC so it's easier to trace back your steps and find something specific later. After being announced last year, and then witnessing a few delays, Recall is finally rolling out to a broader group of Windows 11.

Microsoft recently announced Recall is coming to Windows 11 with the latest Release channel update with build 26100.3902 (KB5055627). The feature's availability in the Windows 11 Release Preview channel, which succeeds the Beta channel in the Windows Insider program, means it is in the initial phases of being available to a wider audience of folks who own Copilot+ PC. This category of PCs currently includes a whole wide range of laptops with specialized hardware in the form of a neural processing unit (NPU) dedicatedly for running AI tasks, though we might see desktops joining the club soon.

Read more
Windows 11 and 10 users find new inetpub folder after April update
Shutdown menu in Windows 11.

Windows 11 and 10 users have reported a mysterious 'inetpub' folder after installing Microsoft's April 2025 updates, as Bleeping Computer reports. Although the folder is typically associated with the Internet Information Services (IIS) web server, it's now appearing on systems without it installed. Microsoft has confirmed that the behavior is intentional but has not fully explained why.

The unexpected folder is empty, and you can find it in the root of the C: drive even if you don't have IIS installed. If you had IIS installed (web server platform by Microsoft), it would use the inetpub folder to save logs, website content, and server-related files. So, it's weird you have one without the other after installing Windows 11 KB5055523 update or Windows 10 KB5055518. The SYSTEM account owns the new inetpub folder, meaning an elevated process made it.

Read more