News

Critical Vulnerability Found in Windows 10 Clipboard Paste Function

By Nitish Singh / June 15, 2018

McAfee Labs has been actively researching on the Windows 10 platform, and they have discovered a number of bugs and exploits over the past few weeks. The Redstone 1 build of Window 10 had a vulnerability that allowed hackers remote access to PCs on the build using the Windows Clipboard function. The exploit was quite simple to abuse, and it has already been patched by Microsoft.

The vulnerability was submitted to the tech giant as part of the vulnerability disclosure policy of McAfee Labs. Most of the current builds of Windows 10 are safe from the exploit, and even if users have not updated to the latest version of Windows 10, they should be safe.

The exploit involves using a physical keyboard, and if the system has a network detector, remote access is also possible using software-based keyboards through remote access software. The paste option is disabled by default on most versions of Windows 10 along with the “Hey, Cortana” voice command in the lock screen menu. However, it can be overridden in the Redstone 1 build by using the Ctrl+Shift+Insert shortcut to allow access to the clipboard contents. Attackers could use the exploit to force-copy several functions and access files without even requiring to log in using the system’s password.

View post on imgur.com

Earlier this week, an exploit was found in Cortana by the security firm that allowed hackers access to an indexing feature to run exploits or malware. Cortana’s in-built indexing feature makes the search function much faster once filenames are available in the Cortana index. The Cortana exploit required the use of a USB drive and a PowerShell script to execute exploits on any public or shared Windows 10 PC. Windows has already patched the Cortana and Clipboard exploits, and McAfee will continue to monitor the platform and identify any remaining vulnerabilities in the OS.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: