Windows 10 Bundles Password Manager With A Major Vulnerability
Recent reports have revealed that some version of the Windows 10 bundled a password manager that had a critical security flaw which can exploited by websites to steal the users' password information.
The security flaw and vulnerabilities implicated were discovered by Google Project Zero researcher Tavis Ormandy, who reported that the Keeper Password Manager comes pre-installed with the newest version of the Windows 10 system, which was obtained directly from the Microsoft Developer Network. Ormandy tested the unwanted app and soon found that it would prompt him to enable a plugin that would leave users vulnerable to exploitation by many websites. Ormandy indicated that this might be the same security flaw that he reported almost two years ago.
Fortunately, the bug has already been eradicated a few hours after Ormandy reported the incident. However, it did leave many users vulnerable for a little over a week since the update was released. Moreover, a spokesperson from Keeper has already said that the bug is not the same as the security flaw that was discovered.
Get Our Latest News for FREE
"We are aware of the report about this third-party app, and the developer is providing updates to protect customers," Microsoft representatives said in a statement, as reported by Ars Technica.
Further reports indicate that the users who were vulnerable because of the security flaw were only those who enabled the plugin. As such, users were advised to update their system in order to install the patch that would resolve the issue. However, fans and experts also speculated that if such a bug could be published in the Windows 10 system, Microsoft's process for screening third-party apps may not be as airtight as should be desired. Microsoft has yet to respond for comment on the implications of what has transpired, but more information is expected in the coming months. In the meantime, the update should automatically download if auto-update is turned on in Windows 10 devices.
