
Cortana Hack Lets You Change Passwords on Locked PCs

Category: Microsoft News. Posted by err0r on 12/13/18.
Microsoft has patched a vulnerability in the Cortana smart assistant that could have allowed an attacker with access to a locked computer to use the smart assistant and access data on the device, execute malicious code, or even change the PC's password to access the device in its entirety.

The issue was discovered by Cedric Cochin, Cyber Security Architect and Senior Principal Engineer at McAfee. Cochin privately reported the problems he discovered to Microsoft in April.

The vulnerability is CVE-2018-8140, which Microsoft classified as an elevation of privilege and patched yesterday during the company's monthly Patch Tuesday security updates.

Cochin says the issue stems from several quirks in how Cortana lets users interact with the underlying Windows 10 OS while the device is locked.

The researchers discovered several features that could be combined into one larger attack:

Users can start typing after they say "Hey Cortana" and issue a voice command. This brings up a special search popup with various features and capabilities.

Users can type text in this popup, which searches the laptop's application index and its filesystem. By typing certain words, like "pas" (as in password), this search can bring up files containing this string in their file paths or inside the file itself. Hovering the mouse over one of these search results can reveal the file's location on disk, or the content of the file itself (a big issue if the disclosed detail is a password).
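
To gauge this exposure on a machine you administer, the following added example (not from the original article or from McAfee's research) lists the files whose path or content a typed prefix such as "pas" would surface. It assumes a simplified word-prefix match rather than Windows Search's actual indexing logic; the function names, size limit and sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

WORD = re.compile(r"[A-Za-z0-9]+")
MAX_BYTES = 1_000_000  # assumption: skip content of larger files

def prefix_hit(text, prefix):
    """True if any word in text starts with prefix (case-insensitive)."""
    return any(w.lower().startswith(prefix.lower()) for w in WORD.findall(text))

def audit_tree(root, prefix="pas"):
    """Map relative path -> {'path', 'content'} for files that a word-prefix
    search for `prefix` would surface under root (simplified model)."""
    findings = {}
    for f in sorted(Path(root).rglob("*")):
        if not f.is_file():
            continue
        rel = f.relative_to(root).as_posix()
        reasons = {"path"} if prefix_hit(rel, prefix) else set()
        try:
            if f.stat().st_size <= MAX_BYTES:
                body = f.read_text(encoding="utf-8", errors="ignore")
                if prefix_hit(body, prefix):
                    reasons.add("content")
        except OSError:
            pass  # unreadable file: keep any path match
        if reasons:
            findings[rel] = reasons
    return findings

def build_sample_tree(root):
    """Write constructed sample files (demonstration data only)."""
    samples = {
        "Documents/passwords.txt": "router admin: example-only",
        "Documents/notes.txt": "wifi password is example-only",
        "Documents/recipe.txt": "pasta with tomatoes",
        "Pictures/compass.txt": "north is up",
    }
    for rel, body in samples.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, why in audit_tree(tmp).items():
            print(rel, sorted(why))
```

Files flagged for "content" are the ones to review first, since the article notes that hovering over a result can reveal the file's content as well as its location.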