
Legacy Microsoft Account bug could cause issues for Windows 10 users

On the surface, Windows 10 looks almost nothing like its predecessor, Windows 95. However, there’s now word that the current version of Microsoft’s flagship OS might still possess a potentially ruinous security issue that’s more than a decade old.

Windows 8 and Windows 10 users could run afoul of this legacy bug as they enter their Microsoft Account credentials, according to a report from WinBeta. The issue is that services including Microsoft Edge, Internet Explorer, and Outlook allow connections to local network shares — but default settings don’t prevent connections to remote shares.


This could be exploited through the creation of a website or a scam email that uses content loaded from a network share. Microsoft’s web browsers and email clients would try to load the network share resource, and in doing so, send the active user’s login credentials to that network share.

The report detailing this issue states that in this eventuality, usernames would be submitted in plain text, while the password would be hashed using the NTLMv2 protocol.
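For defenders who want to spot this pattern in stored web pages or HTML email bodies, the following added example (not code from the article or the researchers' report) flags resource attributes that point at a network share on a non-local host. The attribute list, the "remote host" heuristic, and the sample markup are assumptions constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes that make a browser or mail client fetch a resource (assumed list).
FETCH_ATTRS = {"src", "href", "background", "data", "poster"}
UNC_RE = re.compile(r"^\\\\([^\\/]+)[\\/]")  # \\host\share\...

def share_host(value):
    """Return the host named by a UNC path or file:// URL, else None."""
    value = value.strip()
    match = UNC_RE.match(value)
    if match:
        return match.group(1)
    try:
        parsed = urlparse(value)
    except ValueError:
        return None
    if parsed.scheme.lower() == "file" and parsed.hostname:
        return parsed.hostname
    return None

def is_remote(host):
    """Heuristic (assumption): non-private IPs and dotted names are remote."""
    try:
        ip = ipaddress.ip_address(host)
        return not (ip.is_private or ip.is_loopback or ip.is_link_local)
    except ValueError:
        return "." in host and host.lower() != "localhost"

class ShareRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            host = share_host(value) if name in FETCH_ATTRS and value else None
            if host and is_remote(host):
                self.findings.append((tag, name, host))

def find_remote_share_refs(html):
    finder = ShareRefFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: two remote share references, four benign ones.
SAMPLE_HTML = r"""<img src="\\files.example.net\share\pixel.png">
<img src="file://media.example.org/public/banner.jpg">
<img src="\\192.168.1.10\scans\logo.png">
<img src="file:///C:/Users/Public/Pictures/local.png">
<script src="//cdn.example.com/app.js"></script>
<a href="https://www.example.com/">home</a>"""
```

Protocol-relative URLs such as `//cdn.example.com/app.js` are deliberately not treated as share paths, since they resolve over HTTP(S) on a normal web page.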

This problem was never such a threat in earlier versions of Windows, because users would log into their system with a local username and password. However, since Windows 8 and Windows 10 users log in with their Microsoft Account, there’s far more potential for this gap in security to be exploited.

The research team responsible for these findings recommends that users either adopt third-party services in place of their Microsoft equivalents for the time being, or use a “host-based hardening” technique detailed in their report.

However, it seems likely that Microsoft will deliver a fix as soon as possible, now that the issue has been detailed in this manner. The company just launched its much-hyped Windows 10 Anniversary Update on August 2, so now would be a good time to demonstrate an efficient response to security concerns such as this.

Brad Jones
Former Digital Trends Contributor
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…