Mcafee recently posted regarding a Vulnerability of cortana which can be used to execute harmful sotware directly from the lock screen of a PC,It definitely requires physical access to your PC in order to perform the hack,Microsoft mentions,An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status, An attacker who successfully exploited the vulnerability could execute commands with elevated permissions,To exploit the vulnerability, an attacker would require physical/console access and the system would need to have Cortana assistance enabled,The security update addresses the vulnerability by ensuring Cortana considers status when retrieves information from input services.
McAfee security researchers explains The easiest mitigation technique, is to install the Security patch or Simply turn off Cortana on the lock screen,following are the steps options to perform these tasks.
- Option 1 (Recommended)– Download the Latest security patch from the landing page ,which fixes the issue,you can either download this or alternatively disable cortana from the Lock screen ,by following the Option 2 instructions.
- Option 2 -Disable Cortana at Lock screen,in order to do so:-
The McAfee Advanced Threat Research team has a fundamental goal of eliminating critical threats to the hardware and software we use; this month’s patch is a clear step toward furthering that goal,The attack surface created by vocal commands and personal digital assistants requires much more investigation; McAfee research team is just scratching the surface of the amount of research that should be conducted in this critical area.