"This is especially critical if the user is using a Microsoft account (Windows 8, 8.1, 10) because this is linked to a number of other services the user may be using. Among them are:
- Microsoft OneDrive (cloud storage)
- Microsoft Outlook (email account)
- Skype account (if signed up with a Microsoft account)
- Xbox Live network
- Microsoft Office
- MSN account (Instant Messaging)
- Windows Mobile account (access to mobile phone)
- Microsoft Bing account (access to search history)
Basically this attack can compromise any service the user signed up with his Microsoft acccount. If the computer is set up to allow remote logins, this also allows remote code execution.
- Do not use Microsoft software that is accessing network shares over the internet (such as Internet Explorer, Edge or Outlook)
- Do not use a Microsoft login for your local Windows machine"
Full article @ Perfect Privacy
Originally documented by ValdikSS from the Russian provider ProstoVPN