Patch Tuesday – McAfee discovers code execution vulnerability using Microsoft’s Cortana


The McAfee Labs Advanced Threat Research team announced the discovery of a code execution vulnerability that is reachable under the default settings of Windows 10 and the “Cortana” voice assistant.

More specifically, the researchers discovered three attack vectors: after bypassing the lock screen with a simple voice command, they could employ specific tactics – some requiring user interaction, others none at all – to gain access to confidential information:

  1. Search for confidential information and files with ease, using contextual menus and indexed files and applications to search for keywords such as OneDrive.
  2. Locate and, in some instances, view or exfiltrate sensitive information, depending on the application and file restrictions. For example, just hovering over a specific file would sometimes display its full path or content, and scripts could also be accessed. While the attack surface here is limited, there are several ways that malicious activities could be performed even with command restrictions, such as by:
    1. dropping an executable file
    2. dropping a non-PE payload (see a detailed step-by-step analysis of this in the blog here).
  3. Execute arbitrary code from the lock screen using the Cortana contextual menu – in our demo, this was used to carry out a full password reset and login on a Windows 10 build.

To learn more, check out the blog from the McAfee Labs Advanced Threat Research team.
