In its latest update, Microsoft patched a Cortana vulnerability disclosed by researchers at McAfee. Before the fix, anyone with access to a Windows 10 device could bypass the lock screen and access the system.
Microsoft Patched Cortana Vulnerability With Its Latest Update
On Tuesday, Microsoft released its latest update fixing about 50 critical vulnerabilities. One important fix addressed a flaw in the Windows voice assistant. With the Cortana vulnerability patched, the door for hackers to bypass the lock screen and access Windows 10 systems is closed (at least for now).
The critical Cortana bug, rated as an ‘important’ privilege escalation vulnerability (CVE-2018-8140), let hackers bypass the Windows 10 lock screen. Owing to this flaw, Cortana kept ‘listening’ for commands even when the device was locked.
A group of McAfee researchers noticed this problem and reported it to Microsoft in April. On June 12, Microsoft released a fix for it. As previously mentioned, Cortana kept receiving commands without considering the device status. Thus, anyone with physical/console access to a system with Cortana enabled could exploit this vulnerability.
“An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status. The security update addresses the vulnerability by ensuring Cortana considers status when retrieves information from input services.”
Microsoft Also Fixes 49 Other Vulnerabilities
One can certainly describe the batch of updates released on Tuesday as a ‘bug fix bundle’. Apart from the Cortana bug, Microsoft also released fixes for 49 other vulnerabilities. These include patches for 11 critical Remote Code Execution (RCE) vulnerabilities. Fortunately, none of these vulnerabilities were publicly exploited.
If you have turned on automatic updates for Windows 10, these fixes will install automatically on your devices. Otherwise, make sure that you update your systems as soon as possible to stay secure from intruders.