Privacy News Cortana Hack Lets You Change Passwords on Locked PCs

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Microsoft has patched a vulnerability in the Cortana smart assistant that could have allowed an attacker with access to a locked computer to use the smart assistant and access data on the device, execute malicious code, or even change the PC's password to access the device in its entirety.

The issue was discovered by Cedric Cochin, Cyber Security Architect and Senior Principle Engineer at McAfee. Cochin privately reported the problems he discovered to Microsoft in April.

The vulnerability is CVE-2018-8140, which Microsoft classified as an elevation of privilege, and patched yesterday during the company's monthly Patch Tuesday security updates.
Cochin says the issue was present because of different quirks in how Cortana allows users to interact with the underlying Windows 10 OS, while in a locked state.
The researchers discovered several features that could be combined into one larger attack:
...
.....
 

DarkLense

Level 1
Verified
Feb 8, 2018
18
I don't even like Cortana nor any other assistant from the beginning you know it collects too much stuff if you let it, this is just icing on the cake. That reminds on the guy in the computer shop the other day, turns out he came to complain about one thing or another and stated "I am going to burn the thing change my name and move to another state" :ROFLMAO:
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top