AfterDawn: Tech news

Cortana used to bypass Windows 10 security

Written by James Delahunty @ 14 Jun 2018 8:14

Cortana used to bypass Windows 10 security

Microsoft has pushed out a fix for a flaw with the Cortana assistant that could be exploited to unlock a Windows 10 computer.
McAfee reported the flaw to Microsoft back in April, and Microsoft has included an update to address the issue in this month's Patch Tuesday load of fixes and tweaks. Windows 10 devices on default settings will apply the update over the next day or so.

The flaw took advantage of the fact that Cortana listens for commands even when a Windows 10 PC is locked, coupled with the regular indexing of files on attached storage to make searching faster.

"This will come as a surprise and lies at the core of all the issues we found, but simply typing while Cortana starts to listen to a query on a locked device will bring up a Windows contextual menu," Cedric Cochin and Steve Povolny wrote on a McAfee blog post detailing a potential attack.

With a contextual menu displayed and search results coming from indexed files and applications (and in cases the contents of the file are indexed), a malicious actor could see sensitive contents of text files and other documents that has been indexed.



The McAfee team went further though and even detail a path to a password reset and login in a blog post here.

Previous Next  
Comments have been disabled for this article.

Latest news

Guide: How to Kick Unwanted Guests from Your Netflix Account Guide: How to Kick Unwanted Guests from Your Netflix Account (26 Jan 2023 2:14)
Sharing a Netflix account with a person in a different location is possible and indeed very common, although the company doesn't necessarily enjoy this behavior from their customers. However, ....
1 user comment
Guide: Turn an Old Computer Into a Chromebook Easily and for Free Guide: Turn an Old Computer Into a Chromebook Easily and for Free (07 Jan 2023 2:11)
Do you know someone whose computer is way beyond its best-before date, and they, unfortunately, do know have the skills or the expertise to do much about it? Or do you own a pile of old laptop ....
3 user comments
How to Choose a Robot Vacuum? How to Choose a Robot Vacuum? (07 Jan 2023 9:12)
Robot vacuums are meant to make day-to-day life easier in several ways. When they are used efficiently, they can keep the house clean continuously - at least when it comes to floors. In addition, ....
4 user comments
Tech year 2022 wrapped up: The rise of the AI, EU to become the much-needed counterweight to tech giants, ... Tech year 2022 wrapped up: The rise of the AI, EU to become the much-needed counterweight to tech giants, ... (01 Jan 2023 2:11)
AfterDawn's wrap-up for the tech year 2022. The rise of the artificial intelligence was probably the most significant change that occurred during the year 2022, but there were many other interesting developments, too.
2 user comments
OPPO to follow Samsung, OnePlus: Promises 4 Android updates, 5 years of patches for upcoming flagships OPPO to follow Samsung, OnePlus: Promises 4 Android updates, 5 years of patches for upcoming flagships (21 Dec 2022 3:45)
OPPO has updated its official Android update policy. Phone manufacturer now promises four major Android operating system updates for its new flagship phones.
4 user comments

News archive