Microsoft Cortana Vulnerability Allows Hackers to Browse With Your Locked Computer

[Aug 17, 2018]

Cortana is a virtual personal assistant that brings in search results from Bing. Researchers spotted that the links it offers are clickable even when the device is locked, which allows an attacker to force navigation to a website.

A new privilege escalation vulnerability in Cortana allows an attacker with physical access to do unauthorized browsing on a locked system.

Security researchers from McAfee observed two different scenarios. In the first, an attacker can force the Microsoft Edge browser to navigate to a URL hosted on the attacker's server.

In the second, an attacker can use a limited version of the IE browser with the victim's credentials and impersonate the victim.

Cyber Security Tips:

  • Both of the new flaws have been fixed in Microsoft's August update; users are recommended to install those updates.
  • The best mitigation is to turn off Cortana on the lock screen.
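
One way to apply the lock-screen mitigation above on a single machine, as an added example that is not part of the original post. It assumes the machine-wide policy value `AllowCortanaAboveLock` under the Windows Search policy key (the registry value behind the "Allow Cortana above lock screen" Group Policy setting); the function names are hypothetical.

```powershell
# Added example: audit and enforce "Allow Cortana above lock screen" = Disabled.
# Run from an elevated PowerShell prompt. Function names are illustrative.
$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search'
$ValueName  = 'AllowCortanaAboveLock'   # 0 = blocked on lock screen, 1 = allowed

function Get-CortanaAboveLockState {
    # Read the policy value; a missing key or value means the policy is not set.
    $item = Get-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }   # Windows default applies
    if ($item.$ValueName -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Disable-CortanaAboveLock {
    # Create the policy key if it does not exist, then set the DWORD to 0.
    if (-not (Test-Path $PolicyPath)) {
        New-Item -Path $PolicyPath -Force | Out-Null
    }
    New-ItemProperty -Path $PolicyPath -Name $ValueName `
        -PropertyType DWord -Value 0 -Force | Out-Null
}

$before = Get-CortanaAboveLockState
Write-Output "Cortana above lock (before): $before"

if ($before -ne 'Disabled') {
    Disable-CortanaAboveLock
    Write-Output "Cortana above lock (after):  $(Get-CortanaAboveLockState)"
}
```

On domain-joined machines, set the same policy through Group Policy instead, since a domain GPO that configures this setting will overwrite a local registry edit.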

 
