The flaw originates in Cortana, the digital assistant, according to a group of security experts. The info was presented at the Black Hat USA conference held in Las Vegas, NV. The researchers also discovered that any individual could gain the rights to access files containing sensitive data, download and run files that have been infected, connect to malicious sites, and also get prominent privileges on a computer that has been locked.
All of this is possible because the Windows 10 UI lets apps continue to run in the background. Also, tasks can still be run by Cortana even while the machine is locked for keyboard and mouse utilization.
A ThreatPost report stated that this flaw was uncovered and reported to Microsoft in April of this year by a group of security researchers. These experts were Yuval Ron and Ron Marcovich from the Israel Institute of Technology and Tal Be’ery and Amichai Shulma from Kzen Networks.
The flaw has been documented under CVE-2018-8140. Microsoft has made it known that no exploit was uncovered in the wild. An important security rating was assigned to it.
