Microsoft refuses to fix a security vulnerability in Windows 10 Mobile

Windows 10 Mobile Calendar app
Image Courtesy: PocketNow

Microsoft has stopped developing Windows 10 Mobile operating
system, meaning users no longer receive important updates but
security updates are still delivered on every Patch Tuesday.

Windows 10 Mobile is still around, but the company is not
adding any new features or making significant changes to the

If you still hang around with a Windows Phone handset, a new
vulnerability has been discovered that could allow an attacker
to access your files and folders through the locked screen.
Windows Phone market share dropped below 1% a few years ago,
but there are still some holdouts using the platform and the
vulnerability affects them.

The vulnerability has been reported by Yuval Ron, Amichai
Shulman, and Eli Biham from Israel, and it has been acknowledged by Microsoft on
its security platform.

According to the documentation, this vulnerability will allow
the attacker to access the photo library and as well as modify
or delete photos without establishing authentication to the

Fortunately, the vulnerability requires physical contact with
the phone and Cortana assistance needs to be allowed on the
lock screen. In other words, the vulnerability is not a big
deal unless we’re talking about the victims of theft.

Microsoft says it will not address this vulnerability in
Windows 10 Mobile but you can follow the following workaround
to secure your handset:

  • Open Cortana app.
  • Tap on three horizontal bars to access the menu.
  • Click Settings and turn off the lock screen access to
    Cortana when the device is locked.

“We reported this issue to Microsoft in December 2018, a year
before the operating system’s end-of-life. After nine months of
evaluations and analysis, they decided not to patch the
vulnerability because of the “limited users of Windows 10
Mobile, the physical access requirement to reproduce this
issue, and the difficulty in steps to reproduce,” the
researchers said.

Windows 10 Mobile support ends on December 10, but it appears
that the firm may not address any such complex vulnerabilities
for apparent reasons.

About the Author: admin

i am as a writer and blogger...

Leave a Reply

Your email address will not be published. Required fields are marked *