Windows 10: McAfee discovers new Windows 10 Cortana vulnerabilities that could manipulate locked systems

Discus and support McAfee discovers new Windows 10 Cortana vulnerabilities that could manipulate locked systems in Windows 10 News to solve the problem; Today, McAfee has announced that it has discovered a new vulnerability in Windows 10’s Cortana digital assistant which could be used to manipulate... Discussion in 'Windows 10 News' started by WinLatest, Aug 14, 2018.

  1. WinLatest New Member

    McAfee discovers new Windows 10 Cortana vulnerabilities that could manipulate locked systems


    Today, McAfee has announced that it has discovered a new vulnerability in Windows 10’s Cortana digital assistant which could be used to manipulate locked systems with physical access. It’s worth noting that the two new flaws have been addressed as part of Microsoft’s August update for Windows 10.

    The vulnerability was discovered by McAfee Labs Advanced Threat Research team and the researchers responsible disclosed it with Microsoft which addressed the vulnerabilities in today’s patch.

    McAfee discovers new Windows 10 Cortana vulnerabilities that could manipulate locked systems cortana-bug.jpg

    The company says that the locked Windows 10 devices with Cortana could allow an attacker with physical access to do two kinds of unauthorized browsing on the unpatched systems.

    The vulnerabilities could allow the attackers:

    • The attacker can force Microsoft Edge to navigate to an attacker-controlled URL.
    • The attacker can use a limited version of Internet Explorer 11 using the saved credentials of the victim.

    “In the first scenario, a Cortana privilege escalation leads to forced navigation on a lock screen. The vulnerability does not allow an attacker to unlock the device, but it does allow someone with physical access to force Edge to navigate to a page of the attacker’s choosing while the device is still locked. This is not a case of BadUSB, man in the middle, or rogue Wi-Fi, just simple voice commands and interacting with the device’s touchscreen or mouse,” researchers Cedric Cochin and Steve Povolny explains in a blog post.

    Some additional discoveries by McAfee being addressed in the latest set of Patch Tuesday updates include:

    • McAfee researchers discovered that Cortana can be forced to open an attacked-controlled page while in a locked state. One way bad actors can take advantage of this vulnerability is to manipulate Wikipedia pages (which Cortana frequently references while in locked mode as a “trusted site”) to contain malicious links and information.
    • Researchers also discovered that attackers can access and navigate Internet Explorer through the Internet Explorer engine and not the full browser, though both JavaScript and cookies are enabled. Using this method, while the device is still locked attackers would be able to post comments on a public forum from another user’s device or impersonate the user thanks to its cached credentials.

    The post McAfee discovers new Windows 10 Cortana vulnerabilities that could manipulate locked systems appeared first on Windows Latest

    Weiterlesen...
     
    WinLatest, Aug 14, 2018
    #1

  2. Can I install updates via McAfee Vulnerability Scanner

    Is it advisable to install all the updates that the McAfee Vulnerability Scanner finds, and download and install them through McAfee? Thought I would be getting notifications from Microsoft on needed updates. They listed several Windows 10 updates and a
    few program updates like Adobe Flash Player for Windows 10 and Shockwave Player. I've always received notifications from Adobe in the past when Flash Player needed an update. Is this new way or is McAfee just intruding?

    McAfee Vulnerability Scanner Update List- Original Title
     
    KirbyJHancock, Aug 14, 2018
    #2
  3. Ahhzz Win User
    Windows 10 Tweaks

    Pressing “Windows+Pause Break” (it’s up there next to scroll lock) opens the “System” Window.

    Windows 10: In the new version of Windows, Explorer has a section called Quick Access. This includes your frequent folders and recent files. Explorer defaults to opening this page when you open a new window. If you’d rather open the usual This PC, with links to your drives and library folders, follow these steps:

    • Open a new Explorer window.
    • Click View in the ribbon.
    • Click Options.
    • Under General, next to “Open File Explorer to:” choose “This PC.”
    • Click OK


    credit to Lifehacker.
     
    Ahhzz, Aug 14, 2018
    #3
  4. Brink Win User

    McAfee discovers new Windows 10 Cortana vulnerabilities that could manipulate locked systems

    New Microsoft Edge vulnerability discovered


    Read more: New Microsoft Edge vulnerability discovered, leaks password and cookie data, such as Twitter and Facebook passwords | On MSFT


    Update: Microsoft responds to 3 unpatched Microsoft Edge vulnerabilities, no fixes available yet | On MSFT
     
    Brink, Aug 14, 2018
    #4
Thema:

McAfee discovers new Windows 10 Cortana vulnerabilities that could manipulate locked systems

Loading...
  1. McAfee discovers new Windows 10 Cortana vulnerabilities that could manipulate locked systems - Similar Threads - McAfee discovers Cortana

  2. Manipulating Text

    in Windows 10 Ask Insider
    Manipulating Text: Hello, I'm looking for a Windows or Office native way to manipulate selected text. In Mac OS , I've used automator to create services that show up in the right-click context menu. For example, I can select some text, right-click, choose my word-jumble service, and the...
  3. New to Windows 10 - Discovered a problem

    in Windows 10 Drivers and Hardware
    New to Windows 10 - Discovered a problem: Hello folks. I'm new here because I'm new to Windows 10. Last week I bit the bullet and picked up a refurbished Dell OptiPlex 9010 SFF computer, which came with Windows 10 Pro (version 1903). The new computer replaces one I had built for me in 2012 (or around about that time)...
  4. New to Windows 10 - Discovered a problem

    in Windows 10 Support
    New to Windows 10 - Discovered a problem: Hello folks. I'm new here because I'm new to Windows 10. Last week I bit the bullet and picked up a refurbished Dell OptiPlex 9010 SFF computer, which came with Windows 10 Pro (version 1903). The new computer replaces one I had built for me in 2012 (or around about that time)...
  5. New updates and McAfee

    in Windows 10 Installation and Upgrade
    New updates and McAfee: I have windows 10 been having issues with the new updates. Before I would do the updates and it would make my computer run worse. Now, I can't really update anything. It wants me to remove McAfee. Which seems odd. What do you think?...
  6. Manipulating MP3 files

    in Windows 10 Network and Sharing
    Manipulating MP3 files: It seems like ever since my laptop got converted from Windows 7 to Windows 10, I am no longer able to manipulate my music files, e.g. dragging a track onto my desktop in order to email them, etc. Any ideas?...
  7. Report: Researchers find a Cortana vulnerability (already patched) which could bypass...

    in Windows 10 News
    Report: Researchers find a Cortana vulnerability (already patched) which could bypass...: If a report is believed to be true, Microsoft’s Cortana could have been used to bypass the security protection of the Windows 10 operating system. It’s worth noting that the vulnerability has already been patched in June by Microsoft. At Black Hat in Las Vegas this week,...
  8. McAfee discovers code execution vulnerability using Microsoft’s Cortana

    in Windows 10 News
    McAfee discovers code execution vulnerability using Microsoft’s Cortana: Microsoft has improved the search feature in Windows 10 with Cortana digital assistant, and it’s now easier to find the information that you’re looking for straight from Cortana with simple voice command. The talented security researchers at McAfee discovered a code execution...
  9. New Microsoft Edge vulnerability discovered

    in Windows 10 News
    New Microsoft Edge vulnerability discovered: Trailing along a number of vulnerabilities across Microsoft’s range of products recently, yet another major security flaw has been discovered. This time by security researcher Manuel Caballero, this latest flaw enables the theft of cookie and password data in Microsoft Edge,...
  10. Kaspersky Lab discovers Silverlight zero-day vulnerability

    in Windows 10 News
    Kaspersky Lab discovers Silverlight zero-day vulnerability: Kaspersky Lab has discovered a dangerous zero-day vulnerability in Silverlight, potentially placing millions of users at risk. In a blog post on Wednesday, the cybersecurity firm said the vulnerability would allow an attacker to gain full access to a compromised computer...