I created a new Windows 10 VM with a pristine image from MSDN, and noticed a third party password manager is now installed by default. It didn't take long to find a critical vulnerability. https://bugs.chromium.org/p/project-zero/issues/detail?id=1481 …
-
Show this thread
-
Replying to @taviso
"...it sounds like they're just going to disable the feature for now." <- will this immediately remove the issue on all new MSDN-based images, or will there be some initial vulnerable time on them?
3 replies 1 retweet 4 likes -
Replying to @mkolsek
AFAIK, It will just auto-update from the Windows Store.
1 reply 1 retweet 7 likes -
Just checked my Surface Pro but the "Keeper" app is not installed?
1 reply 0 retweets 2 likes -
I think it's only new installs, I also got candy crush saga...(?!).
6 replies 3 retweets 36 likes -
So we know where your next RCE is going to be found :)
2 replies 1 retweet 23 likes -
I guess there's a "secret" "auto-install" way for Win10 Apps, I noted that one of my Win10 box didn't have the Facebook app installed days ago, but now it has.
3 replies 1 retweet 0 likes
I guess it's this ContentDeliveryManager service, but I don't know how it works. I should probably look into it.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.