August 02, 2016

Microsoft Live account credentials leaking from Windows 8... and 10

Remember how Microsoft was trying to sell us on switching to Windows 10, claiming (among other things) that it was the most secure version of Windows ever? Well, apparently it's only tied for most secure Windows version ever, being almost exactly as (in)secure as Windows 8. Yikes.

From Moritz Walter at Hackaday:
Discovered in 1997 by Aaron Spangler and never fixed, the WinNT/Win95 Automatic Authentication Vulnerability (IE Bug #4) is certainly an excellent vintage. In Windows 8 and 10, the same bug has now been found to potentially leak the user’s Microsoft Live account login and (hashed) password information, which is also used to access OneDrive, Outlook, Office, Mobile, Bing, Xbox Live, MSN and Skype (if used with a Microsoft account).
The bug itself seems to be present in all Windows systems since Windows 95 / NT, although only Windows 8 and above are effectively compromised. To see if your machine is affected, you may want to check the public demonstration of the exploit, set up by the guys from [Perfect Privacy] and based on [ValdikSS]'s original work.
[...]
Even though the original issue has existed and been known for more than two decades now, its severity has crept in only lately. Back in 1997, the attacker would have only obtained your local Windows login data, but in Windows 10, the default login method is the user’s Microsoft Live account. An attacker may have to resort to GPU-assisted hash-cracking to retrieve the password from the NTLMv2 hash (or even not), but the result can be as thorough as full compromise, including the mentioned Microsoft services and even remote access.

That's right, Windows 10 still includes a bug that's been part of Windows since at least 1997 -- except that with Microsoft pushing customers to use a Microsoft account just to get past the lock screen, it's now actually worse than before.

Of course, this news simply confirms something I'd already suspected, i.e. that Windows 10's perceived improvements in security were due more to people not having had time to find its weaknesses, than they were to any actual improvements in the quality of Microsoft's product. Because Microsoft.

This is why you don't switch to a new Microsoft OS in the first year, people. You have to wait for them to find and fix this kind of crap.