Microsoft this week patched a major Cortana bug that could allow attackers to execute commands from the lock screen. The bug was originally discovered by McAfee researchers, who say they disclosed details of the issue to Microsoft on April 23 (via Windows Latest).
The vulnerability can be exploited via a number of methods, but they all have one commonality: an attacker requires physical access to your PC. If executed correctly, hackers could use Cortana from the lock screen to run PowerShell scripts or load malicious software from a USB stick. Researchers were also able to use the exploit to perform a password reset and gain full access to the machine.
Microsoft this week shipped a fix for the vulnerability with its latest Patch Tuesday updates for June. Further, according to Microsoft's security guidance, the issue is limited to PCs and server core installations running the Windows 10 Fall Creators Update and April 2018 Update.
Still, if you haven't yet installed the Patch Tuesday updates for June, or are planning to hold off, the best mitigation for the vulnerability is to disable Cortana on the lock screen.
We may earn a commission for purchases using our links. Learn more.
Rainbow Six Siege Year 5: What to expect in 2020
As Rainbow Six Siege Year 5 approaches, we’ve wrapped up everything we know about its Operators, maps, and more so far.
Rainbow Six Siege coming to PlayStation 5 and Xbox Series X
Ubisoft plans to bring Rainbow Six Siege to PlayStation 5 and Xbox Series X on launch day, while also hopeful of delivering cross-play and cross-platform progression soon.
Should you get an SSD or HDD when building your PC?
Building or upgrading a PC and don't know whether to go with SSD or HDD for your storage? Let's break it down.
The Super Bowl is finally here. Check out these must-see Windows apps
After an excellent regular season and a thrilling first few rounds of the NFL Playoffs, the Super Bowl is finally here. Here are the best Windows 10 apps to help you enjoy the big game.