Microsoft Cortana Elevation of Privilege Vulnerability
A vulnerability in the Cortana digital assistant for Windows 10 could allow a local unauthenticated user to bypass the lock screen to execute commands or manipulate files.
This content has been archived
This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk
Summary
A vulnerability in the Cortana digital assistant for Windows 10 could allow a local unauthenticated user to bypass the lock screen to execute commands or manipulate files.
Threat details
Cortana remains functional even when a Windows 10 device is locked, an attacker may exploit this using specific commands to access files or processes without unlocking the device. This does require physical access and for Cortana assistance to be enabled (a default feature on most Windows 10 versions).
For further information:
Remediation steps
| Type | Step |
|---|---|
|
Microsoft have released an update to rectify this vulnerability. Please update affected systems immediately. |
CVE Vulnerabilities
Last edited: 17 February 2020 12:48 pm