June’s “Patch Tuesday” (June 12) is here, but it is likely many
Windows 10 users have not yet applied these updates. If you have not,
just be sure not to leave your laptop lying around! The patches in this
cycle fix a code execution vulnerability using the default settings for
Windows 10 and the “Cortana” voice assistant. We’ll detail how this
vulnerability can be used to execute code from the locked screen of a
fully patched Windows 10 machine (RS3 at the time of our original
submission, and confirmed on RS4 prior to this patch cycle). The
vulnerability was submitted to Microsoft as part of the McAfee Labs
Advanced Threat Research team’s
responsible disclosure policy,
on April 23. Attribution for this vulnerability submission goes to
Cedric Cochin, Cyber Security Architect and Senior Principal Engineer.

In this post, we will address three vectors of research that have
been combined by Microsoft and together represent CVE-2018-8140. The
first of these is an information leak, but we’ll culminate with a demo
showing full code execution to log in to a locked Windows device!

Read more:
https://securingtomorrow.mcafee.com/mcafee-labs/want-to-break-into-a-locked-windows-10-device-ask-cortana-cve-2018-8140/