Microsoft Account Login Allows Stealing Password


As reported in ZDNet, a 20-year-old vulnerability in Windows is still present in Windows 10. This vulnerability allows a malicious website to steal the username and password of visitors who use their Microsoft Account to log into their computers.

This widely known vulnerability was first discovered by Aaron Spangler in 1997. At the 2015 Black Hat convention it was found to be unpatched by Microsoft.

Although the vulnerability has been around for almost 20 years, it wasn't until Microsoft released Windows 8, and the ability to log in to a computer using a Microsoft Account instead of a local user account, that it became a very serious problem. It now allows the criminal to have full control over the user's Microsoft account.

To keep this vulnerability from leading to a compromise of your Microsoft account and all of your data, take the following steps:

  1. Don't use Microsoft Internet Explorer or Edge browsers.
  2. Don't use Microsoft Outlook.
  3. Log into your Windows computer using a local user account, not your Microsoft account.

According to the ZDNet article, a Microsoft spokesperson suggested the company will not patch the vulnerability.
