[Aug 17, 2018]
Cortana is a virtual personal assistant that pulls its search results from Bing. Researchers found that the links it offers are clickable even when the device is locked, which allows an attacker to force navigation to a website.
A new privilege escalation vulnerability in Cortana allows an attacker with physical access to do unauthorized browsing on a locked system.
Security researchers from McAfee observed two different scenarios. In the first, an attacker can force the Microsoft Edge browser to navigate to a URL hosted on the attacker's server.
In the second, an attacker can use a limited version of the IE browser with the victim's credentials and impersonate the victim.
Cyber Security Tips:
- Both of the new flaws have been fixed in Microsoft's August update; users are recommended to install those updates.
- The best mitigation is to turn off Cortana on the lock screen.