Microsoft Quickly Plugs Cortana-related Security Hole

Some might say that the CVE-2018-8140 vulnerability was never a major threat because exploiting it requires physical access to a Windows 10 device. Security experts have long held that once an attacker has physical access to a device, that device can no longer be considered truly secure.

Nevertheless, Microsoft patched the now-infamous Cortana vulnerability as early as June 13, and as of today still had not listed it as genuinely exploited. The patch ensures that Cortana considers the current security status when the voice assistant retrieves information from any relevant services.

Microsoft’s information about the update indicated that while both x86 and x86_64 systems were among the affected products, older versions of its system software that are past the support life cycle aren’t affected.

Researchers from McAfee had identified the potential exploit back in April, yet many people still hadn’t installed the important updates that mitigate the problem. The researchers wrote that the problem had to do with how the default settings enabled the so-called “Hey Cortana” feature from the lock screen.

Thus, as long as Cortana could understand the tone of a nearby attacker’s voice, that attacker could theoretically execute arbitrary code. To trigger the flaw, the screen had to be locked, and the attacker had to speak a certain sequence while also entering a specific whitespace sequence on a keyboard in order to bring up a context menu that would permit the disclosure and potential editing of passwords.

If someone were particularly creative, they could write an executable file to the device in order to install a backdoor on it. Malicious actors wouldn’t be fully able to execute such files at that time.

However, a skillful cracker who located a vulnerable device could drop a portable executable onto the system by misusing Cortana and then ensure that it would give them a pathway to do damage to the device later.

While it’s currently unlikely that ’8140 would be a serious threat, users are still being urged to update, since computers in public environments such as large work labs would be targets for this sort of attack.

John Rendace


John is a GNU/Linux expert with a hobbyist's background in C/C++, Web development, storage and file system technologies. In his free time, he maintains custom and vintage PC hardware. He's been compiling his own software from source since the DOS days and still prefers using the command line all these years later.