A group of researchers at McAfee, the software company, specializing in cybersecurity, recently detected a security flaw in the Cortana personal assistant in Windows 10 that puts users’ private data at risk. This vulnerability leaves a door open for hackers to run malicious code on any device running Windows 10, in a matter of seconds.
The security flaws in Cortana is located in the assistant’s passive listening, and, as the cybersecurity firm has announced, this feature allows the wizard to execute your commands even if your computer is on the lock screen.
Therefore, the hacker would only have to insert an infected USB into the computer and ask Cortana to run the malware to infect the PC entirely.
The security flaw in Cortana allows hackers to do anything from accessing private data to changing passwords
By exploiting this vulnerability, researchers have been able to locate any file on an infected computer in a matter of seconds.
But not only that. The IT security experts have also been able to query the different paths of the computer and even change the account key configured in Windows 10.
This has enabled McAfee employees to access the computer to query any data.
However, for this to be possible, the hacker needs to be in contact with the device. Since this is a failure related to the Cortana’s passive listening, the hacker cannot perform the attack remotely.
For the same reason, Cortana’s vulnerability mainly affects laptops.
Microsoft rolls out a Windows 10 security patch to address this bug
To solve this problem, Microsoft has developed a security patch that fixes this and other vulnerabilities detected by different cybersecurity firms.
If your computer has not updated automatically, check the System Update section to install this security patch, which is now available in Windows Update.
If you don’t want to install the latest update, but want to prevent this type of attack, then disable Cortana on the lock screen. This solution would prevent hackers from accessing your device. However, it is recommended to install the security patch to address the security flaw in Cortana and future potential threats.