Microsoft Patches Cortana Vulnerability That Allowed Lock Screen Bypass

  • 180
  •  
  •  
  • 109
  •  
  •  
  •  
    289
    Shares

In the latest update, Microsoft patched a Cortana vulnerability which was disclosed by researchers at McAfee, anyone with access to a Windows 10 device could bypass the lock screen and access the system.

Microsoft Patched Cortana Vulnerability With Its Latest Update

On Tuesday, Microsoft released its latest update fixing about 50 critical vulnerabilities. One such important fix addressed the flaw with Windows voice assistant. As Microsoft patched  the Cortana vulnerability, the door for hackers bypassing the lock screen and accessing Windows 10 systems was closed (at least for now).

The critical Cortana bug, rated as ‘important’ privilege escalation vulnerability (CVE-2018-8140), let the hackers bypass Windows 10 lock screen. Owing to this flaw, Cortana kept ‘listening’ for commands even when the device is locked.

A group of McAfee researchers noticed this problem and reported it to Microsoft in April. On June 12, Microsoft released a fix for it. As previously mentioned, Cortana kept on receiving commands without considering the device status. Thus, anyone with physical/console access to a system with Cortana enabled in it could exploit this vulnerability.

“An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status. The security update addresses the vulnerability by ensuring Cortana considers status when retrieves information from input services.”

Microsoft Also Fixes 49 Other Vulnerabilities

One can certainly describe the batch of updates released on Tuesday as the ‘bug fix bundle’. Apart from the Cortana bug, Microsoft also released fixes for 49 other vulnerabilities. These include patches for 11 critical Remote Code Execution (RCE) vulnerabilities too. Fortunately, none of these vulnerabilities were publicly exploited.

If you have turned on automatic updates for Windows 10, then these fixes will automatically install into your devices. Otherwise, make sure that you update your systems as soon as possible to stay secured from intruders.

The following two tabs change content below.
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!