Windows 10 included a password manager complete with massive password-stealing potential

Microsoft has been bundling a password manager that features a dangerous flaw with some versions of Windows 10, a Google security researcher has revealed. Tavis Ormandy noticed that his copy of Windows 10 included Keeper, which he had previously found to be injecting privileged UI into pages. The version that Microsoft was including with Windows 10 featured the same bug. What does this mean? In short, it allows any website to steal passwords from you. See also: Security: macOS High Sierra bug lets you log in as 'root'... without a password Windows 8 onwards incorrectly implements ASLR security feature, but… [Continue Reading]