August 4, 2016 By Douglas Bonderud 2 min read

Windows 10 is no slouch for Microsoft. According to Ars Technica, over 270 million users have bought new PCs with the OS installed or have upgraded for free. Microsoft CEO Satya Nadella said this software is the “fastest growing version of Windows for both consumers and enterprises.”

But it’s not all wine and roses: As noted by Softpedia, the new Anniversary Update has been blamed as the cause of multiple Windows 10 crashes. It gets worse: A decades-old software bug may also present a serious security risk for Internet Explorer and Edge users. Here’s a look at the latest Windows worries.

Freeze Frame and Windows 10 Crashes

It’s no surprise that users flocked to grab the Windows 10 update at no cost. This particular OS is one of the best-reviewed versions of Windows in recent years, so big numbers only make sense.

The update comes with a number of solid improvements, such as the addition of Bash Shell support and the ability to swap out components such as motherboards and processors without calling Microsoft support to reactivate the Windows license. Unfortunately, the update also includes an irritating side effect for some users: random Windows 10 crashes.

As noted by The Inquirer, initial reports claimed that desktops freeze for anywhere from 20 seconds to several minutes after users first boot up their PCs. Disabling third-party apps doesn’t seem to work, but some users have had luck booting in Safe Mode, installing the update from USB devices or installing .NET framework 3.5 along with various C++ Redistribute Packages.

The lack of third-party problems suggests that Microsoft’s update is the likely culprit, but so far the only acknowledged issue about the new update from Microsoft is that it “could reset a few of your personalized settings choices to their defaults.”

Put simply, this is a so-so anniversary for Windows 10 — most users are enjoying themselves, but some are having the absolute worst time.

Issues With Oversharing

The other issue currently making noise is a re-emerging bug first discovered in 1997. According to SecurityWeek, while the bug was mentioned in passing at last year’s Black Hat conference, there was little reason to be worried about a WinNT/Win95 vulnerability. That is, until researchers discovered that under the right circumstances, an attack using this weakness can force Windows to leak Microsoft account credentials.

Here’s how it works: Since Windows 8, users have been able to login with their Microsoft accounts. But if attackers create a network share and convince users to visit the IP address of that share, they can grab a user’s login name and the NTML hash of their password. If it’s a weak password, cracking takes less than a minute and attackers get access to all services connected to that Microsoft account.

But wait, there’s more! It’s possible to embed the network share into a website image if victims are using Internet Explorer or the Edge browser. This can also be done by sending an email through Outlook.

So far there’s no hard fix, just warnings to stop using software that can access network shares over the internet and avoid logging into local Windows computers with Microsoft accounts.

The Final Rose

All in all, the latest Windows version is stable, popular and powerful. The new update has good features but tends to cause random Windows 10 crashes. Cybercriminals, meanwhile, have a new way to crack Microsoft accounts by leveraging a 20-year-old vulnerability using new browser technology.

Silver lining: At least it’s a memorable anniversary.

More from

Government cybersecurity in 2025: Former Principal Deputy National Cyber Director weighs in

4 min read - As 2024 comes to an end, it’s time to look ahead to the state of public cybersecurity in 2025.The good news is this: Cybersecurity will be an ongoing concern for the government regardless of the party in power, as many current cybersecurity initiatives are bipartisan. But what will government cybersecurity look like in 2025?Will the country be better off than they are today? What are the positive signs that could signal a good year for national cybersecurity? And what threats should…

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

2024 trends: Were they accurate?

4 min read - The new year always kicks off with a flood of prediction articles; then, 12 months later, our newsfeed is filled with wrap-up articles. But we are often left to wonder if experts got it right in January about how the year would unfold. As we close out 2024, let’s take a moment to go back and see if the crystal balls were working about how the year would play out in cybersecurity.Here are five trends that were often predicted for…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today