Microsoft Fixes Issue Causing Windows 10 Apps To Forget Passwords

Microsoft has addressed a known issue impacting multiple Windows 10 apps and causing them to forget users’ passwords after upgrading devices to certain Windows 10, version 2004 builds.

The issue was resolved in the KB4598291 release preview cumulative update for all editions of Windows 10 and Windows Server versions 2004 and 20H2.

This update also comes with fixes for device deactivation issues and freezing problems while playing games full-screen.

Password amnesia issue fixed in KB4598291

According to Microsoft, KB4598291 also “addresses an issue in which using local Service for User (S4U) affects Data Protection API (DPAPI) credential keys and causes users to sign out unexpectedly.”

The reason behind this issue was discovered by Google vulnerability researcher Tavis Ormandy after discovering that scheduled tasks created with the Task Scheduler’s S4U (Services For User) option are to be blamed.

Due to a bug in the RPC UBPM (Unified Background Process Manager), Windows 10 would forget passwords by removing saved credentials in the Local Security Authority Subsystem Service (LSASS).

This causes the affected apps to either lose login state or sign out users out of their accounts after every system restart.

Microsoft first acknowledged the issue causing Outlook and other apps to forget user passwords in a document published on its support website in November 2020.

Also Read: 10 Practical Benefits of Managed IT Services

Workaround also available

Redmond also provided a workaround for the issue found by Ormandy which requires impacted users to delete scheduled tasks created using S4U.

This can be helpful to temporarily mitigate the issue on systems where installing the fix bundled with KB4598291 is not immediately possible.

“This issue occurs when some Windows 10 Task Scheduler Tasks are configured in a certain way,” Microsoft said. “Until a fix is available a workaround is to disable these tasks using Task Scheduler.”

The workaround requires you to follow this procedure:

1. Open the Quick Link menu by right-clicking the Start Button and then selecting Windows PowerShell (Admin).
2. Execute this command by hitting Enter: Get-ScheduledTask | foreach { If (([xml](Export-ScheduledTask -TaskName $_.TaskName -TaskPath $_.TaskPath)).GetElementsByTagName("LogonType").'#text' -eq "S4U") { $_.TaskName } }
3. Jot down any scheduled tasks that get listed as output to the command and disable them using the Windows Task Scheduler by following these steps:

• In the Windows 10 Search box, type Task Scheduler, and then open the Task Scheduler app.
• Locate the task in the Window (HP Customer participation) and the other tasks from the Windows PowerShell output.
• Right-click the task and choose Disable.
• After you disable the task, restart Windows.

Also Read: What Legislation Exists in Singapore Regarding Data Protection and Security?

As Microsoft also notes, you may also have to re-enter passwords in affected apps one more time before they are saved correctly again.