Microsoft patches Cortana lock screen vulnerability discovered by McAfee

Windows 10 Cortana

"The security update addresses the vulnerability by ensuring Cortana considers status when [retrieving] information from input services".

Microsoft described the Windows DNS patch as addressing a remote code execution (RCE) vulnerability that affects Windows desktop versions 7 through 10 and Windows Server 2008 and newer.

Among the patches are fixes for Spectre Variant 4 or "speculative store bypass", a security flaw affecting PCs with Intel microprocessors. Microsoft Cortana is a digital assistant available as a free feature in all Windows 10 PCs which can be accessed from the lock screen without unlocking a system.

However, McAfee experts were also able to summon the window that houses Cortana on the desktop interface simply by typing with any key while Cortana is listening to a query.

By exploiting this vulnerability, researchers have been able to locate any file on an infected computer in a matter of seconds.

In a blog post on its site, McAfee explained exactly how a potential hacker would go about getting Cortana to index malicious files from a USB drive in order to execute them.

This indexing process is what enables Cortana to find the files on your computer.

Goodbye, star. Astronomers first detected the star consumed a supermassive black hole
Upon closer inspection, they discovered that a supermassive black hole at the center of one galaxy was involved. The graphic illustrates the Tidal Disruption Event and how its effects are observed by astronomers.

Dustin Johnson surges to four-shot lead at US Open
It trickled over the green and down the slope, and Spieth didn't get back on the green until he played three more shots. The damage was done with Thursday's opening round and although he was 10 better on Friday, it means he misses the cut.

Australia sexual abuse: PM accepts landmark inquiry proposals
Malcolm Turnbull will deliver a national apology to the survivors, victims and families of institutional child sex abuse. The government has not rejected any of the royal commission's recommendations, he said.

These malicious apps can be used to change passwords, infect Windows 10 with viruses, and get unfettered access to the machine. Microsoft fixed the bug Tuesday, June 12.

Users who have updated with the most recent patch will be safe from this vulnerability.

Experts assured users that the vulnerability is not as unsafe as it sounds.

McAfee said in a written statement.

'The attack surface created by vocal commands and personal digital assistants requires much more investigation; we are just scratching the surface of the amount of research that should be conducted in this critical area, ' the researchers wrote.

McAfee encourages Windows 10 users to install this month's security update as soon as possible, though turning off Cortana on the lock screen is also a good mitigation.

Related News:



Most liked

Indonesian woman dies after being swallowed whole by a python
On Friday, her family went to look for her at the garden but found only her belongings, including sandals and a flashlight. The alarm was raised when Wa, 54, failed to return home after she went out to do some gardening on Thursday afternoon.

White House to suspend August US-S Korea drill
The process was put back on track during a surprise second summit early this month between Kim and South Korean President Moon Jae-in.

British LGBT rights campaigner released in Moscow following arrest after protest
He has been arrested twice previously and was severely beaten by right-wing protesters during a gay pride parade in 2007. English activist and politician Peter Tatchell being arrested by Russian police during the World Cup.

Frustrated Phil Mickelson swats moving ball with putter at US Open
Mickelson jogged after the ball after it curled around the hole, realizing it was about to head down the other side of the green. He trotted after it and when the ball was about 15 feet beyond the hole, and still trickling, he hit it back towards the hole.

The Plague Is Back: Idaho Child Shows Symptoms of the Rare Disease
Occasionally some humans do get infected with Yersinia pestis , usually through a flea or animal bite, according to Health.com . No one should feed rodents in parks and picnic or campground areas, and people should never handle sick or dead rodents.

Taliban enter Afghan capital to mark Eid ceasefire, hugs and selfies elsewhere
A three-day Eid truce between the Taliban and Afghan security forced was distrupted when a auto bomb exploded, killing 26 people. This is the first time that the Taliban has ever extended an offer of this kind to the Afghan government.

American farmers caught in the middle of global trade war
Products affected include soy, corn, wheat, rice, sorghum, beef, pork, poultry, fish, dairy products, nuts and vegetables. Beijing is an important player in talks with North Korea on abandoning its nuclear-weapons program.

Smashing E3: 'Smash Ultimate' and more announced at Nintendo's E3
Ultimate , which comes to the Switch in December, and omitted previously announced titles like the core Pokmon role-playing game . Coming in 2nd was Super Smash Bros Ultimate , which was one of the most hyped titles at the show.

Do Religious People Live Longer? New Study Says Yes
Previous studies showed people who volunteer or participate in groups tend to have more longevity. After gender and marital status were factored in, the number reduced to 6.48 years.

Harvard gives Asian-Americans lower personality ratings than other races, lawsuit claims
There is also an exhaustive process of reading, review and commentary before the admissions committee votes on each application. Accounting for extracurricular and personal ratings, the share of whites rose again, and Asian-Americans fell to 26 percent.

Uruguay strike late to break Egypt's hearts
The hopes of a nation rest on Salah, who scored the penalty which secured their first World Cup appearance since 1990. Salah's Egypt face the Barcelona forward's Uruguay in their Group A World Cup clash this afternoon.

Russian Federation wins opening World Cup match against Saudi Arabia, 5-0
Hero Introduced after just 24 minutes from the bench, Russian striker Denis Cheryshev scored two outstanding goals. Tune in to Jason Pine weekday mornings from 9 on Radio Sport, for all the latest from the FIFA World Cup .

Glasgow School of Art devastated by second major fire
The building was ravaged by fire in May 2014 and was due to re-open next year following a multi-million pound restoration project. The celebrated Mackintosh building was engulfed by flames after it caught fired at about 23:20 on Friday, BBC reported.

Iceland ready for 'biggest game' against Argentina, says coach
Iceland , meanwhile, have already made history by becoming the smallest nation to qualify for the World Cup. Argentina is set clash with Iceland in a Group D World Cup match in Moscow at Spartak Stadium .

Late Pogba goal gives France victory over Australia
France have recorded a 2-1 victory over a stubborn Australia side to begin their World Cup campaign with three points. Deschamps made his final switch, Blaise Matuidi on for Tolisso, as the game headed towards a tense last 10 minutes.