Oh Microsoft…

Written by:
Damian Jennings
Date Posted:
21 December 2017
Category:
Security

White hat finds out that Windows 10 installs a version of “Keeper Password Manager” that nicely exposes all your passwords.  :O

It all begins with Windows 10 Anniversary Update (Version 1607). With this version, Redmond lovingly decided to whack in a new “feature” named Content Delivery Manager that knows what’s best for you. It decides to silently install new apps it thinks you’d just love. It does this without even asking the user, let alone getting permission.

Even worse, this hidden password manager was spotted months ago by keen-eyed redditors.

Google Project Zero hacker Tavis Ormandy initially made the discovery:

“I recently created a fresh Windows 10 VM with a pristine image from MSDN and found that a password manager called 'Keeper' is now installed by default. I’m not the only person that noticed this, I assume this is some bundling deal with Microsoft.”

Ormandy noted in a blog post published on the Chromium Blog.

“I remember filing a bug report a while ago about how they were injecting privileged UI into pages. I checked and they’re doing the same thing again with this version. I think I’m being generous considering this is a new issue that qualifies for a ninety-day disclosure, as I literally just changed the selectors and the same attack works.”

Ormandy chose to examine the Keeper password manager for vulnerabilities that could be exploited to compromise the Windows install. Very quickly, he discovered a critical vulnerability that would allow an attacker to steal any password stored in it. This was almost identical to another issue he had found in August 2016.

To prove it worked, Ormandy published proof-of-concept exploit code (which I won’t link to) that would steal a user’s Twitter password if it was stored in the Keeper application. Obviously, users wouldn’t be impacted if they didn’t use the app to store their passwords.

If you don’t like the idea of Windows silently installing apps without your permission, you can disable it with a quick hack of the registry. Save the following as a .reg file (note the straight quotes; curly quotes will make Registry Editor reject the file) and import it:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager]
;0 = Disabled
;1 = Enabled (Default)
"PreInstalledAppsEnabled"=dword:00000000
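If you would rather see what the switches are currently set to before flipping them, here is a PowerShell script as an added example (it is not from the original post and not a Microsoft tool). It assumes the per-user key HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager, where Content Delivery Manager keeps its REG_DWORD switches, and reads both PreInstalledAppsEnabled (the value the .reg fragment above sets) and SilentInstalledAppsEnabled, which controls the silent installs the post complains about. The function names Get-CdmInstallState and Disable-CdmInstall are this example’s own.

```powershell
# Added example, not part of the original post: audit and disable Content Delivery
# Manager's automatic app installation for the current user.
# Assumption: the switches live under the per-user key below as REG_DWORD values
# (1 = enabled, which is the default; 0 = disabled). This script does not touch the
# HKLM\DefaultUser path quoted in the post, only the current user's hive.

$cdmKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager'

# Value names that control automatic installs; function names below are our own.
$installValues = @('PreInstalledAppsEnabled', 'SilentInstalledAppsEnabled')

function Get-CdmInstallState {
    param([string]$Key = $cdmKey)
    if (-not (Test-Path $Key)) {
        Write-Warning "Key not found: $Key (Content Delivery Manager may not be present on this build)"
        return
    }
    $props = Get-ItemProperty -Path $Key
    foreach ($name in $installValues) {
        $current = $props.$name
        # A value that is absent behaves like the default, i.e. enabled.
        if ($null -eq $current) {
            $shown   = '(not set, treated as 1)'
            $enabled = $true
        } else {
            $shown   = $current
            $enabled = ($current -ne 0)
        }
        [pscustomobject]@{ Name = $name; Value = $shown; Enabled = $enabled }
    }
}

function Disable-CdmInstall {
    param([string]$Key = $cdmKey, [switch]$WhatIf)
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    foreach ($name in $installValues) {
        if ($WhatIf) {
            Write-Host "Would set $Key\$name = 0"
        } else {
            # -Type DWord matches the dword:00000000 written by the .reg fragment.
            Set-ItemProperty -Path $Key -Name $name -Value 0 -Type DWord
        }
    }
}

# Before: which automatic-install switches are active for this user.
Get-CdmInstallState | Format-Table -AutoSize

# Dry run first; drop -WhatIf to actually write the values, then re-check.
Disable-CdmInstall -WhatIf
Get-CdmInstallState | Format-Table -AutoSize
```

Flipping these values only stops future installs; anything Content Delivery Manager has already dropped onto the machine stays installed and has to be removed separately.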

NB: This is just a managed hosting company’s blog. We’re not security experts. Caveat emptor and all that.
