Critical Vulnerability Found in Windows 10 Clipboard Paste Function
- McAfee Labs has discovered multiple vulnerabilities in the Windows 10 platform including a Clipboard Paste function exploit.
- The security firm is actively researching the Windows 10 platform for bugs and exploits and has discovered multiple vulnerabilities in the past few weeks.
- The vulnerability which allowed attackers remote access to the Windows 10 login screen has already been patched by Microsoft.
McAfee Labs has been actively researching on the Windows 10 platform, and they have discovered a number of bugs and exploits over the past few weeks. The Redstone 1 build of Window 10 had a vulnerability that allowed hackers remote access to PCs on the build using the Windows Clipboard function. The exploit was quite simple to abuse, and it has already been patched by Microsoft.
The vulnerability was submitted to the tech giant as part of the vulnerability disclosure policy of McAfee Labs. Most of the current builds of Windows 10 are safe from the exploit, and even if users have not updated to the latest version of Windows 10, they should be safe.
The exploit involves using a physical keyboard, and if the system has a network detector, remote access is also possible using software-based keyboards through remote access software. The paste option is disabled by default on most versions of Windows 10 along with the “Hey, Cortana” voice command in the lock screen menu. However, it can be overridden in the Redstone 1 build by using the Ctrl+Shift+Insert shortcut to allow access to the clipboard contents. Attackers could use the exploit to force-copy several functions and access files without even requiring to log in using the system’s password.
Earlier this week, an exploit was found in Cortana by the security firm that allowed hackers access to an indexing feature to run exploits or malware. Cortana’s in-built indexing feature makes the search function much faster once filenames are available in the Cortana index. The Cortana exploit required the use of a USB drive and a PowerShell script to execute exploits on any public or shared Windows 10 PC. Windows has already patched the Cortana and Clipboard exploits, and McAfee will continue to monitor the platform and identify any remaining vulnerabilities in the OS.