Microsoft is continuously working on making Windows 10 more secure, and while the company has indeed managed to make the operating system more difficult to break into, bugs in certain features make hackers’ lives significantly easier.
A vulnerability called Open Sesame allows hackers to execute arbitrary code on a Windows 10 computer using just their voice.
The bug exists in digital assistant Cortana, and a team of researchers revealed at the Black Hat conference in Las Vegas that anyone could get rights to access sensitive files, connect to malicious websites, download and run infected files, and even gain elevated privileges on a locked computer.
It’s all possible due to the fact that the UI on Windows 10 now allows apps to run in the background, and while the computer is locked for mouse and keyboard use, Cortana can still perform a series of tasks.
Security researchers Amichai Shulman, Tal Be’ery of Kzen Networks, and Ron Marcovich and Yuval Ron of the Israel… (read more)