Windows 10 Cortana
Image Courtesy of CNET
  • An exploit was discovered in Windows 10 by McAfee security researchers that can be used to access Windows 10 PCs without consent by exploiting Cortana.
  • While Microsoft patched the vulnerability yesterday, many Windows 10 systems have still not been updated or have updates disabled making them vulnerable to the exploit.
  • Users are recommended to turn off Cortana to prevent an attack using the exploit if they are not on the latest version of Windows 10.

Security researchers from McAfee have discovered an exploit that could let hackers access Windows 10 systems by exploiting Cortana. Microsoft Cortana is a digital assistant available as a free feature in all Windows 10 PCs which can be accessed from the lock screen without unlocking a system.

Cortana has an indexing feature which can be used to index all files on a system to make them available quickly in the Windows Search menu. The exploit involves using Cortana to execute an exploit to access a PC by using Cortana to index files from USB drives that contain malware. The malware can be used to open PowerShell scripts without requiring a password or pin to unlock a PC, allowing hackers access to all files on a system.

Windows 10 Cortana Exploit
Image Courtesy of McAfee

While home users who do not allow access to outsiders are safe, accessing public or shared PCs running Windows 10 could be dangerous. McAfee’s security team has recommended turning off Cortana to prevent instances of exploits. Microsoft has already patched the exploit, and the latest version of Windows 10 is safe for usage. However, a large number of Windows users do not have automatic updates enabled or have deferred upgrades set as the default option making it difficult for Microsoft to safeguard all of its systems.

Users who are running version CVE-2018-8140 of Windows 10 are safe from the exploit. To check which version of Windows you are running access the Run menu by pressing the Windows and R keys simultaneously. In the pop-up menu that appears type winver and hit ok. You will now be able to see the registration information and build number of your OS. If you are not running the latest version, update your PC manually using the Windows Update software.