Windows 10 included password manager with huge security hole

From Engadget - December 16, 2017

A Microsoft spokesperson told Ars Technica that the Keeper team had patched the exploit (in response to Ormandy's private disclosure), so it should not be an issue if your software is up to date. Also, you were only exposed if you enabled the plugin.

However, the very existence of the hole has still raised a concern: are Microsoft's security tests as thorough for third-party apps as its own software? The company has declined to comment, but that kind of screening may prove crucial if Microsoft is going to maintain the trust of Windows users. It does not matter how secure Microsoft's code is if a bundled app undermines everything.


Continue reading at Engadget »