HomeWinBuzzer NewsWindows 10: Severe Cortana Vulnerability Allows Attackers to take over PCs from...

Windows 10: Severe Cortana Vulnerability Allows Attackers to take over PCs from Lock Screen

Security company McAfee has warned users against a Cortana flaw that allows malicious code to be easily installed on a PC. Microsoft has patched the issue, but not all users have access to the mitigation.

-

wants to become your bona fide Windows assistant. You can talk to her with a “Hey Cortana” and the assistant will do tasks you command. As you would expect, one of the commands is not “Hey Cortana, break into a device”. However, there is a vulnerability in Cortana that leaves Windows machines wide open.

Security firm McAfee says a flaw in Cortana, specifically the ability to use the assistant from the lock screen.

This situation can be exploited to execute code from the locked screen to access the machine. In its report, McAfee says this works even on patched PCs up to Redstone 3, the Fall Creators Update.

It is worth noting that Microsoft used yesterday's (June 12) to fix this problem. If you have taken the cumulative update you should be fine, but if not, you may not want to leave your PC lying around.

Accessing Cortana from the lock screen could allow hackers to execute malicious software. Of course, the attacker would need physical access and some alone time with a machine.

McAfee shows how the assistant can be used to execute code from a USB drive attached to the PC and from the lock screen.

The code could be script that would be able to change system aspects, such as account password. Windows 10 automatically indexes files for Cortana to search, even if the device is locked. It is this aspect of the assistant that could be exploited:

  • Land a PowerShell script in a location that will be indexed
    • Public folder, public share, or OneDrive
  • Execute a search query that will show the document and click on it
  • “Hey Cortana, PS1”
  • Select the PowerShell script you just indexed and left click
  • The PowerShell script opens in Notepad
  • Execute a search query that will show the recent documents, right click, and…
  • Using Cortana, type or search in the contextual menu for “txt”
  • Right click on the PowerShell script in the Recent category under the Apps tab at the top (not Documents)
  • Click “Run with PowerShell”

Mitigation

McAfee says the best way to protect against this flaw is to patch your Windows 10 through this week's Patch Tuesday. However, not everyone will be able to update, so the obvious mitigation is to turn off Cortana on the lock screen.

SourceMcAfee
Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News