McAfee discovers new Windows 10 Cortana vulnerabilities that could manipulate locked systems

Today, McAfee announced that it has discovered new
vulnerabilities in Windows 10’s Cortana digital assistant that
an attacker with physical access could use to manipulate
locked systems. It’s worth noting that the two new flaws have
been addressed as part of Microsoft’s August update for
Windows 10.

The vulnerabilities were discovered by the McAfee Labs Advanced
Threat Research team, and the researchers responsible disclosed
them to Microsoft, which addressed the vulnerabilities in
today’s patch.

The company says that locked Windows 10 devices with
Cortana could allow an attacker with physical access to do two
kinds of unauthorized browsing on unpatched systems.

The vulnerabilities could allow an attacker to:

  • Force Microsoft Edge to navigate to an
    attacker-controlled URL.
  • Use a limited version of Internet Explorer
    11 with the saved credentials of the victim.

“In the first scenario, a Cortana privilege escalation leads to
forced navigation on a lock screen. The vulnerability does not
allow an attacker to unlock the device, but it does allow
someone with physical access to force Edge to navigate to a
page of the attacker’s choosing while the device is still
locked. This is not a case of BadUSB, man in the middle, or
rogue Wi-Fi, just simple voice commands and interacting with
the device’s touchscreen or mouse,” researchers Cedric
Cochin and Steve Povolny explain in a blog post.

Some additional discoveries by McAfee being addressed in the
latest set of Patch Tuesday updates include:

  • McAfee researchers discovered that Cortana can be forced to
    open an attacker-controlled page while in a locked state. One
    way bad actors can take advantage of this vulnerability is to
    manipulate Wikipedia pages (which Cortana frequently references
    while in locked mode as a “trusted site”) to contain malicious
    links and information.
  • Researchers also discovered that attackers can access and
    navigate Internet Explorer through the Internet Explorer engine
    and not the full browser, though both JavaScript and cookies
    are enabled. Using this method, while the device is still
    locked attackers would be able to post comments on a public
    forum from another user’s device or impersonate the user thanks
    to its cached credentials.

