Windows 10 is no slouch for Microsoft. According to Ars Technica, over 270 million users have bought new PCs with the OS installed or have upgraded for free. Microsoft CEO Satya Nadella said this software is the “fastest growing version of Windows for both consumers and enterprises.”
But it’s not all wine and roses: As noted by Softpedia, the new Anniversary Update has been blamed as the cause of multiple Windows 10 crashes. It gets worse: A decades-old software bug may also present a serious security risk for Internet Explorer and Edge users. Here’s a look at the latest Windows worries.
Freeze Frame and Windows 10 Crashes
It’s no surprise that users flocked to grab the Windows 10 update at no cost. This particular OS is one of the best-reviewed versions of Windows in recent years, so big numbers only make sense.
The update comes with a number of solid improvements, such as the addition of Bash Shell support and the ability to swap out components such as motherboards and processors without calling Microsoft support to reactivate the Windows license. Unfortunately, the update also includes an irritating side effect for some users: random Windows 10 crashes.
As noted by The Inquirer, initial reports claimed that desktops freeze for anywhere from 20 seconds to several minutes after users first boot up their PCs. Disabling third-party apps doesn’t seem to work, but some users have had luck booting in Safe Mode, installing the update from USB devices or installing .NET framework 3.5 along with various C++ Redistribute Packages.
The lack of third-party problems suggests that Microsoft’s update is the likely culprit, but so far the only acknowledged issue about the new update from Microsoft is that it “could reset a few of your personalized settings choices to their defaults.”
Put simply, this is a so-so anniversary for Windows 10 — most users are enjoying themselves, but some are having the absolute worst time.
Issues With Oversharing
The other issue currently making noise is a re-emerging bug first discovered in 1997. According to SecurityWeek, while the bug was mentioned in passing at last year’s Black Hat conference, there was little reason to be worried about a WinNT/Win95 vulnerability. That is, until researchers discovered that under the right circumstances, an attack using this weakness can force Windows to leak Microsoft account credentials.
Here’s how it works: Since Windows 8, users have been able to login with their Microsoft accounts. But if attackers create a network share and convince users to visit the IP address of that share, they can grab a user’s login name and the NTML hash of their password. If it’s a weak password, cracking takes less than a minute and attackers get access to all services connected to that Microsoft account.
But wait, there’s more! It’s possible to embed the network share into a website image if victims are using Internet Explorer or the Edge browser. This can also be done by sending an email through Outlook.
So far there’s no hard fix, just warnings to stop using software that can access network shares over the internet and avoid logging into local Windows computers with Microsoft accounts.
The Final Rose
All in all, the latest Windows version is stable, popular and powerful. The new update has good features but tends to cause random Windows 10 crashes. Cybercriminals, meanwhile, have a new way to crack Microsoft accounts by leveraging a 20-year-old vulnerability using new browser technology.
Silver lining: At least it’s a memorable anniversary.