An article on thehackernews confirms Windows 10’s newest update brings Keeper password manager which apparently steals users’ passwords. The app is one of many apps that are possibly being installed in secret, forcefully upon a user’s system without them even getting an alert. This package doesn’t install with system updates, but Microsoft does suggest it. Obviously, Microsoft thought it was a good idea to press their affiliated apps upon people now, because making money through bing and Windows 10 purchases isn’t doing it for them. Apparently the app hasn’t been updated in a year either. A researcher from the Chromium project recently analyzed the app and found that a critical flaw different from one that he himself reported finding in an associated plugin over six months ago. As of right now, I would strongly urge users to not try using the password manager anymore and if you haven’t already, refrain from doing so. There are more well known alternatives such as LastPass. However, there does seem to have been an update released on the 11th of this month which removed the said vulnerability. Still for a company to let such a big issue pass quality testing in their app and for a big name company to trust such a company that would add more holes to their already existing millions is beyond me. This is not new behavior for Microsoft though. This is just their new business model.
Citation:
https://thehackernews.com/2017/12/windows-10-password-manager.html
