Microsoft this week patched a major Cortana bug that could allow attackers to execute commands from the lock screen. The bug was originally discovered by McAfee researchers (opens in new tab), who say they disclosed details of the issue to Microsoft on April 23 (via Windows Latest).
The vulnerability can be exploited via a number of methods, but they all have one commonality: an attacker requires physical access to your PC. If executed correctly, hackers could use Cortana from the lock screen to run PowerShell scripts or load malicious software from a USB stick. Researchers were also able to use the exploit to perform a password reset and gain full access to the machine.
Microsoft this week shipped a fix for the vulnerability with its latest Patch Tuesday updates for June. Further, according to Microsoft's security guidance (opens in new tab), the issue is limited to PCs and server core installations running the Windows 10 Fall Creators Update and April 2018 Update.
Still, if you haven't yet installed the Patch Tuesday updates for June, or are planning to hold off, the best mitigation for the vulnerability is to disable Cortana on the lock screen.
Dan Thorp-Lancaster is the Editor in Chief for Windows Central. He began working with Windows Central as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl. Got a hot tip? Send it to email@example.com.
I made a similar comment in /r/WindowsInsiders and was decimated for it. Can't wait to see what happens here...
Someone got it! 😂
I'm guessing those of us who are running the Skip Ahead builds aren't affected, since I saw nothing on patch Tues.
I hate that little Cortana bobble head pic.. She looks so sad, and lonely.... SMDH. Thanks, NOFOLLOWTHROUGHSOFT!
Good to hear they got this nipped in the butt.
The phrase is "nipped in the bud" :P
Get the best of Windows Central in in your inbox, every day!
Thank you for signing up to Windows Central. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.