Vulnerability Allows Windows 10 to Be Hijacked, Even When Locked
A vulnerability in Windows 10 allows attackers to easily hijack a computer even when locked, all by simply relying on digital assistant Cortana to execute the necessary commands.
An in-depth analysis of the vulnerability published by McAfee reveals that the “Hey, Cortana!” voice command, which is enabled by default in Windows 10 and can be triggered even from the lock screen when the device is locked, provides potential attackers with rights to see file info, content, and even allow arbitrary code execution.
McAfee’s research shows that it’s possible to launch a Windows contextual menu by simply typing when Cortana starts to listen to a query on a locked device, and this is the first step towards a successful attack.
“All the results presented by Cortana come from indexed files and applications, and that for some applications the c… (read more)