Microsoft has issued a Windows 10 security update to prevent hackers from breaking into PCs using Cortana. Microsoft’s digital assistant is built into every version of Windows 10, McAfee security researchers discovered it could be summoned from a lock screen to execute malicious software. Any potential hacker would need physical access to a PC, and McAfee details methods to get the digital assistant to index files from a USB drive and execute them.
Hackers can summon Cortana to break into Windows 10 PCs
Cortana on the lock screen has some security exploits
Cortana on the lock screen has some security exploits
is a senior correspondent and author of Notepad, who has been covering all things Microsoft, PC, and tech for over 20 years.
These files could be executable ones, or Powershell scripts that can even go as far as resetting a Windows 10 account password. The clever attack preys on the ability of Cortana to listen for commands while a Windows 10 PC is locked, combined with the fact the operating system regularly indexes files to make them available in the search interface that Cortana accesses.
McAfee recommends turning off Cortana on the lock screen to prevent the attack, which is particularly relevant in business environments. While Microsoft has patched this vulnerability with its latest security updates released yesterday, many machines won’t be running the latest updates just yet.
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
