Hackers can summon Cortana to break into Windows 10 PCs

科技动态 2018-06-13

Microsoft has issued a Windows 10 security update to prevent hackers from breaking into PCs using Cortana. Microsoft’s digital assistant is built into every version of Windows 10, McAfee security researchers discovered
it could be summoned from a lock screen to execute malicious software. Any potential hacker would need physical access to a PC, and McAfee details methods to get the digital assistant to index files from a USB drive and execute them.

These files could be executable ones, or Powershell scripts that can even go as far as resetting a Windows 10 account password. The clever attack preys on the ability of Cortana to listen for commands while a Windows 10 PC is locked, combined with the fact the operating system regularly indexes files to make them available in the search interface that Cortana accesses.

McAfee recommends turning off Cortana on the lock screen to prevent the attack, which is particularly relevant in business environments. While Microsoft has patched
this vulnerability with its latest security updates released yesterday, many machines won’t be running the latest updates just yet.

您可能感兴趣的

源资讯 | 新型勒索病毒席卷欧洲;Win 10 源代码网上泄漏... “想哭”病毒风波刚刚平息,本周又发生了不少安全事故。6月27日, 一种类似于 WannaCry 的新勒索病毒又席卷了欧洲 ,导致俄乌两国80多家公司遭殃。据了解,这种病毒锁住了大量的电脑,要求用户支付300美元的加密数字货币才能解锁。这种病毒代号为“Petya”。 比特币初创公司...
Windows 10 Tip: Clear your workspace in two simple... Did you know you can easily clear your workspace in two simple steps? To close out all the windows besides the one you’re working on, select an...
Hackers backdoored CCleaner for a month: Over 2 mi... Hackers backdoored the popular CCleaner Windows utility; for nearly a month, two malware-tainted versions collected computer names, IP addresses, list...
Microsoft is working on a fix for Chrome and Corta... Microsoft launched Windows 10 April 2018 Update this week, and if you rushed to install it you may well have noticed one or two issues. There...
想哭病毒勒索赎金到手:黑客连夜兑换14万美元... 原标题:想哭病毒勒索赎金到手:黑客连夜兑换14万美元 据外媒3日报道,国际黑客已将今年稍早通过大规模勒索病毒“想哭(WannaCry)”攻击所换到的赎金兑现,换得超过14.3万美元。 电脑病毒此前在包括俄罗斯、英国、乌克兰等在内的欧洲多个国家迅速蔓延。 据报道,黑客从“想哭”病毒勒索到...