Cortana security flaw lets anyone run PowerShell from the lock screen – mitigated by design in our modern client management solution, Best Place to Work
McAfee released a blog post on the 12th of June 2018 disclosing a major flaw they had found in Cortana, the smart assistant built into Windows 10. Without too much fiddling, an attacker with physical access to a Windows 10 computer sitting at the lock screen could, if done right, run PowerShell commands with admin privileges, without ever signing in.
The operations department at Ironstone reacted immediately to the news of this threat, but it turned out that we had already mitigated it when we built our client management solution, "Best Place to Work", BPTW for short. We prioritize security and privacy above all, and therefore we disable features that might compromise users and their privacy. Cortana on the lock screen is one of the features BPTW disables, so clients managed by Ironstone's BPTW solution are not affected by this flaw.
How to protect your clients?
To make sure your clients are safe from this flaw, simply disable Cortana on the lock screen (the Group Policy setting "Allow Cortana above lock screen" under Computer Configuration > Administrative Templates > Windows Components > Search, set to Disabled). That removes the attack surface entirely. If someone insists on keeping Cortana enabled on the lock screen, Microsoft has released a fix for the flaw in the latest cumulative updates for Windows 10, released on Patch Tuesday, the 12th of June 2018:
Windows 10 1709 - KB4284819, bumps version number to 16299.492
- Changelog: https://support.microsoft.com/en-us/help/4043454
- Update files: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4284819
Windows 10 1803 - KB4284835, bumps version number to 17134.112
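The following script is an added example of how to audit (and optionally remediate) a client against this flaw; it is not part of Ironstone's BPTW tooling. It checks the two things described above: whether the "Allow Cortana above lock screen" policy is disabled, which the policy writes to the registry as the DWORD value AllowCortanaAboveLock = 0 under HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search, and whether the installed build is at or above the June 2018 cumulative update. The build table only contains the two releases listed in this post (1709 at 16299.492 and 1803 at 17134.112); other releases are reported as unknown rather than guessed. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not Ironstone's BPTW code): audit a Windows 10 client for exposure to CVE-2018-8140.
# Check 1: is Cortana disabled above the lock screen via policy?
#   GPO: Computer Configuration > Administrative Templates > Windows Components > Search
#        > "Allow Cortana above lock screen" = Disabled
#   Registry: HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\AllowCortanaAboveLock = 0 (DWORD)
# Check 2: is the OS build at or above the June 12, 2018 cumulative update?
# Use -Remediate to write the policy value if it is missing.

[CmdletBinding()]
param([switch]$Remediate)

# Patched builds from the June 2018 cumulative updates. Only the releases named in this post are listed;
# any other ReleaseId is reported as unknown rather than assumed patched.
$PatchedBuilds = @{
    '1709' = @{ Build = 16299; Ubr = 492; KB = 'KB4284819' }
    '1803' = @{ Build = 17134; Ubr = 112; KB = 'KB4284835' }
}

$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search'
$PolicyName = 'AllowCortanaAboveLock'

function Test-CortanaAboveLockDisabled {
    # Returns $true only when the policy value exists and is explicitly 0 (Disabled).
    $value = (Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue).$PolicyName
    return ($value -eq 0)
}

function Disable-CortanaAboveLock {
    # Equivalent to setting the GPO above to Disabled on this one machine.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name $PolicyName -PropertyType DWord -Value 0 -Force | Out-Null
}

function Test-CumulativeUpdateApplied {
    # CurrentBuild is the major build (16299), UBR is the revision after the dot (492).
    $cv      = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $release = [string]$cv.ReleaseId
    $build   = [int]$cv.CurrentBuild
    $ubr     = [int]$cv.UBR
    $expected = $PatchedBuilds[$release]
    if (-not $expected) {
        Write-Warning "Windows 10 $release (build $build.$ubr) is not in this script's table; check the Update Catalog manually."
        return $null
    }
    Write-Host ("Windows 10 {0}, build {1}.{2}; {3} requires {4}.{5}" -f $release, $build, $ubr, $expected.KB, $expected.Build, $expected.Ubr)
    return ($build -gt $expected.Build) -or ($build -eq $expected.Build -and $ubr -ge $expected.Ubr)
}

$policyOk = Test-CortanaAboveLockDisabled
if (-not $policyOk -and $Remediate) {
    Disable-CortanaAboveLock
    $policyOk = Test-CortanaAboveLockDisabled
}
Write-Host "Cortana above lock screen disabled by policy: $policyOk"

$updateOk = Test-CumulativeUpdateApplied
Write-Host "June 2018 cumulative update applied: $updateOk"

# Either control closes the hole: no Cortana on the lock screen, or a patched Cortana.
if ($policyOk -or $updateOk) { Write-Host 'Client is not exposed to CVE-2018-8140.' }
else { Write-Warning 'Client is EXPOSED: disable Cortana above the lock screen or install the cumulative update.' }
```

Note that the registry write is a per-machine stand-in for the Group Policy setting; in a managed fleet you would deploy the policy centrally (GPO or an MDM policy) rather than run this on each client, and you should assume the change takes effect the next time the machine locks or a user signs in rather than instantly.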
For more reading, you can visit these links:
- Microsoft Security Tech Center - 180612 – "CVE-2018-8140 | Cortana Elevation of Privilege Vulnerability"
- MsPowerUser - 180613 – "Massive security hole lets attackers use Cortana to run Powershell scripts from above the lock screen"
- WindowsLatest - 180613 – "McAfee discovers code execution vulnerability using Microsoft's Cortana"
- McAfee Securing Tomorrow Blog - 180612 – "Want to Break Into a Locked Windows 10 Device? Ask Cortana (CVE-2018-8140)"