A Vulnerability in Cortana, Now Patched, Allowed Attacker To Access a Locked Computer, Change Its Password

Catalin Cimpanu, reporting for BleepingComputer: Microsoft has patched a vulnerability in the Cortana smart assistant that could have allowed an attacker with access to a locked computer to use the smart assistant and access data on the device, execute malicious code, or even change the PC's password to access the device in its entirety. The issue was discovered by Cedric Cochin, Cyber Security Architect and Senior Principle Engineer at McAfee. Cochin privately reported the problems he discovered to Microsoft in April. The vulnerability is CVE-2018-8140, which Microsoft classified as an elevation of privilege, and patched yesterday during the company's monthly Patch Tuesday security updates. Further reading: Microsoft Explains How it Decides Whether a Vulnerability Will Be Patched Swiftly or Left For a Version Update.

I patched my system ages ago

No Cortana, no problem.

Re: I patched my system ages ago

How to Uninstall and remove the MS A.I. Node key logging spyware known as Cortana :

https://winaero.com/blog/how-to-uninstall-and-remove-cortana-in-windows-10/

Re: I patched my system ages ago

[sysstemlord]

The only time I felt that I love my country, is when my Windows 10 said that Cortana isn't support in my country or region, and never started on my PC.

Re: I patched my system ages ago

That's really hard to do, seems like Cortana is the new Internet explorer, except that almost nobody ever needs it.

Re: I patched my system ages ago

[Trax3001BBS]

How to Uninstall and remove the MS A.I. Node key logging spyware known as Cortana :

https://winaero.com/blog/how-to-uninstall-and-remove-cortana-in-windows-10/

Running Process Explorer https://docs.microsoft.com/en-... if searchUI is listed Cortana is running

I dual boot Linux Mint, from there I rename the file X:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy by adding -something to the end of it.
I don't uninstall it as each update reinstalls it (last one did).

Re: I patched my system ages ago

[Trax3001BBS]

I dual boot Linux Mint, from there I rename the file X:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy by adding -something to the end of it.
I don't uninstall it as each update reinstalls it (last one did).

I've had to remove the rename, leaving the directory as it was.

This update crates a new directory with the same name adding close to 30 new .DLL's. Rebooting and removing same as it claims update didn't work. Next time I reboot it runs the update again - it's a stand off.

After updating, renamed the directory again and all is fine.

So those who uninstalled, I can only imagine the mess they are in.

Bounty

[SumDog]

He better have gotten a huge bug bounty for that. Remove code and auth changes via Cortana? That's gotta be worth at least the $10k PornHub paid for their PHP remote code execution (which wasn't even a PornHub bug, but a PHP one; so that company collected the PHP bounty on top of it as well).

Re: Bounty

He go a thank you note and a box of tissues. Better luck next year champ.

Re: Bounty

Go==Got

Re: Bounty

[gweihir]

If so, he will probably sell on the vulnerability market for >> 100k next time. People want to be honest, but the conditions need to reasonably support that decision.

So, given the pace of new features in Win10

[IWantMoreSpamPlease]

How long before this bug is re-introduced?
It's continually blows my mind people *voluntarily* use Win10...the track record of show-stopping problems with this OS is well known.

Re:So, given the pace of new features in Win10

Most modern software that is used in the business world requires Windows 10. The telepresence and collaboration features are world-class and provide a huge boost to productivity and TTM. We have competitors that struggle along with other solutions and we're constantly celebrating wins over them, on nearly every opportunity.

Re:So, given the pace of new features in Win10

[ole_timer]

why would anyone add Cortana and enable voice commands? (ahh - facebook users might - that's another whole level of stupidness)

Re:So, given the pace of new features in Win10

something something physical access to the computer, why is this news...

as soon as physical access is there the rest of the methodology doesnt matter, security lost.

Re:So, given the pace of new features in Win10

[Solandri]

The bugs don't bother me - they're inevitable. It's the "features" that are deliberately put into Win 10 which annoy me most. I changed the program associated with several file types to non-Microsoft programs soon after upgrading to Win 10. After last week's patch, instead of launching the program when double-clicking on the associated file type, it popped up the standard "no associated program" dialog and asked if I wouldn't rather want to use the Microsoft product instead of the one I'd selected.

If I went to the trouble to change the default to a different program, that should be a pretty clear indication that I don't want to use the default Microsoft program. Please stop bugging me about it. This is supposed to be an operating system that I paid for, not an advertising platform. I'm worried we're headed down the same path as Cable TV - where originally you paid for cable so you wouldn't have to watch ads like on broadcast TV. But soon the cable channels figured out they could charge you for the channel AND put ads in their programming.

Re:So, given the pace of new features in Win10

[gweihir]

Indeed. It is not that MS has gotten even more incompetent. It is that they just do not have what it takes to run a release model like the one of Win10.

Re:So, given the pace of new features in Win10

[gweihir]

And then you look at what most Fortune-500 companies actually run internally, and you find it is not Win10. I know, for example, one that finished the migration to Win7 only 2 years ago or so and will not move to Win10 at all. Instead they will move to web-terminals and Servers on RHEL. Win10 is a very bad deal for everybody (including, funnily, MS), and a lot of people are seeing that pretty clearly.

Re:So, given the pace of new features in Win10

[gweihir]

There are a lot of people that are unable to make a distinction between "new" and "good idea". At least that is the only explanation for this stupidity I have.

Re:So, given the pace of new features in Win10

[ole_timer]

just because you can and should you are very different...

Re:So, given the pace of new features in Win10

It is not that MS has gotten even more incompetent. It is that they just do not have what it takes to run a release model like the one of Win10.

You say that as if the two are mutually exclusive. Why not both?

Re:So, given the pace of new features in Win10

[Known+Nutter]

"Most" - such a weasel word.

I can tell you first hand that #13 on that 500 list is Windows 10 wall-to-wall at the workstation. And #41 and #368 are Win 7/10 mix. Both will remain there for the foreseeable future.

Fortune 500 companies employee 28.2 million people worldwide. Average that out, and those three examples above represent about 169,000 seats. It's a drop in the bucket, sure, but I bet if you really took an *honest* look at what F500 companies actually run internally (at the workstation) you will probably find many more that run Win 7/10, a number I would venture to say probably approaches "most".

Re:So, given the pace of new features in Win10

[gweihir]

What are you even talking about? I pointed out an example that does run Win7 and does not intend to ever go to Win10. And you are talking about "Win7/10"? Have you by accident responded to the wrong posting?

Re:So, given the pace of new features in Win10

[gweihir]

My personal estimation is they always were about this incompetent, but with massive effort managed to hide part of it before. I may be wrong, of course, and the very decision to go to the model Win10 uses may be an indicator in that direction.

Re:So, given the pace of new features in Win10

Well targeting ads is big money, imagine having a log of everything someone looked at online, you'd know more about them than their friends or family; and thats what the Edge browser gets them. Assuming they signed in with a Microsoft account its enabled by default too and most people will be none the wiser given they've use dark patterns.

Re:So, given the pace of new features in Win10

[Marnhinn]

The grandparent rather obviously disagreeing with this statement,"And then you look at what most Fortune-500 companies actually run internally, and you find it is not Win10." The grandparent then provides a few counter examples to your argument and even gives a sample size for how relevant the grandparent's example is vs yours. Is English not your first language?

I'm going to disagree with this one, "Win10 is a very bad deal for everybody (including, funnily, MS),"

I work for MS, on Windows; we don't consider it a bad deal, and in fact wished more of the customers on legacy versions of Windows would move to it. It has its challenges mind you, but we do not consider it a bad deal at all.

I realize this is /. and it's "cool" to be anti-MS, but it's also cool to be right occasionally.

Re:So, given the pace of new features in Win10

If you paid for the os and it doesn't do what you want, return it. You are already using other programs than Microsoft's, you might as well switch the OS too.

Cortana is like Internet Explorer

[xack]

Far too integrated into the operating system for it's own good.

Re:Cortana is like Internet Explorer

[Dwedit]

Step 1: Open administrator command prompt
Step 2: Kill Explorer
Step 3: Kill all the Cortana processes (Explorer automatically restarts them)
Step 4: Using administrator command prompt, Rename C:\windows\SystemApps\Microsoft.Windows.Cortana_something to have .old at the end so Windows can't start it any more.

Warning: May possibly break Windows Update? Not sure.

Cortana == Clippy Junior

[pecosdave]

I thought so from the start, but when they made it so you couldn't fully disable Cortana, then I knew it for sure.

Just like Office of the Clippy era, it's introducing vulnerabilities you can't fix unless you hack the system beyond Microsoft's specifications.

Just rename this "THE WINDOWS BLOG"

A Microsoft story (OR MORE!) a day... well, you know!

Re:Like how Moscow Donald surrendered to North Kor

Wherever you live... Head towards the nearest beach. When you get there, grab a hand full of sand and pack it up your Hellary.

Did you have to simply say "Please"?

[devslash0]

https://imgs.xkcd.com/comics/s...

Re:Did you have to simply say "Please"?

[gweihir]

You have a fundamental misunderstanding there: "sudo" gives you the power of command, you know, like in the *nix world. Saying "please" is a thing you need to do in Windows only, where you are a lowly user to be interfaced but not empowered.

Non-Sequarurrrrrr???

Nothing to do with O.P.

Re:Non-Sequarurrrrrr???

[halivar]

Welcome to Slashdot. The first post is always something about Donald Trump, "gay n*****s", apping apps for luddites, or, if you are very very lucky, something about Golden Girls and cosmonauts.

If you are very very unlucky, it's spam about a custom hosts file.

Re:Non-Sequarurrrrrr???

Tell me more about this custom hosts file! It sounds fascinating! And super useful!

Re:Non-Sequarurrrrrr???

I'm just amazed that the Russian spam blanket includes Slashdot. It's almost flattering that they care enough to post here.

Re:Non-Sequarurrrrrr???

It's almost like maybe it isn't Russians, but actual Americans, and that the Russians are all in your head.

After all, it's easier to point to the big mean boogieman than to realize that you (1) might be wrong and (2) that no not everyone in the US agrees with you, and that therefore (3) you just might not be on the "right side of history".

Past tense?

[WoodstockJeff]

"Microsoft has patched a vulnerability in the Cortana smart assistant that ALLOWS an attacker with access to a locked computer to use the smart assistant and access data on the device, execute malicious code, or even change the PC's password to access the device in its entirety."

The patch was released 1 day ago. This vulnerability still exists for every Cortana-equipped computer that has not yet been updated.

And how many people refuse to update because updates have a history of breaking things?

Re:Past tense?

Physical access is required, at that point what would protect any OS?

Glad it is fixed, so they have to make more noise to break into the system now. However, if you have physical access to a system you can get root/admin with a number of other tricks that don't require the system to be running Windows.

Re:Past tense?

The ability to make certain sounds is NOT physical access.
That's an idiotic claim on the level as saying you visit someone when you call them.

Not vulnerable anymore

[TheDarkMaster]

Using Windows 7 again. After the disastrous 1803 update I decided to stop playing beta operating system tester.

Re:Not vulnerable anymore

And you're planning on moving to Linux by the end of next year, right? Hope so, if you want to continue using the computer for internet access.

Then: you still have 1/3 of Cortana - Windows Search. Which does talk to MS, though in a much more restricted way than Cortana. It's possible to block that, and even to shut off Search entirely, in Win7, but it's much harder (probably impossible, by now) to block Cortana in Win10 (though it can be significantly limited). That said, from a security standpoint, how do you justify giving what's basically a search assistant low-level access to the operating system? Makes no sense. At least, make it go through the public APIs.

Re:Not vulnerable anymore

[TheDarkMaster]

I plan to stay using Windows 7 as long as I could, internet access is not really a "horrible" problem when you have good practices using a browser. Linux will only be an option when those responsible for it take their collective heads off their butts and focus on creating a usable and stable desktop environment. The current trend looks like "UX Developers on Drugs" and now even the Windows 10 UX developers are on drugs too, so I will stay on Seven.

Re:Not vulnerable anymore

[gweihir]

Since it is not feature stable, I will go ahead and call Win10 "alpha" quality.

Re:Cortana == Clippy Junior?

More like Clippy's smarter and nastier sister. Clippy at least had a funny face. Cortana can't even take a joke about Siri any more.

Windows 1803

So, is this the patch that patched the patch after it was patched?

Sorry, Linux on track for buggiest OS

https://www.cvedetails.com/top...

open-sores? lols!

I patched it on day 0

I simply don't allow the bitch to run.

Another avenue of exposure

Something that’s added yet another avenue for attack that makes Windows less secure. But jam it onto our PCs anyway right Microsoft?

If you are open to it, try out linux+wine again...

Wine 3.0.x and 3.x dev releases are heads and shoulders above previous iterations, and even many esoteric programs will work now. The biggest issue I have found is there are still some order of operation issues in d3d/OpenGL (appears to be in higher level d3d libraries, because it affects both the libd3d and opengl renderer in Test Drive Unlimited, causing water edge effects to 'bleed through' other geometry.) Beyond that however, almost every application I throw at it has worked recently, up to Windows 7 era apps. While I can't promise it will be a trouble free experience without testing it for yourself, it certainly isn't any more frustrating than Windows 8-10 have been, and there is a desktop environment emulating pretty much whatever style you want (Whether Windows 9x-XP, Vista/7, or 8+) plus day to day updates don't require reboots, unless you are replacing the kernel for security or reliability related issues. I have systems with regularly months of uptime being used for browsing, gaming, etc without issues. AMD GPUs from HD2xxx-R7 era cards should work out of box, most of the later cards work with AMDGPU and either the open source or proprietary driver, and if you use the Nvidia proprietary drivers, all newer Nvidia cards work out of box including OGL and CUDA. Nouveau(open source nvidia drivers) on OGL 1.x/2.x cards is a mixed bag, Tesla to Kepler is pretty reliable as of Mesa 18, although not feature complete above OGL 3.3 yet and without usable OpenCL support.) Other than those caveats, desktops effectively work across the board, the majority of notebooks, especially low end ones work across the board, mid-high end laptops are on a case by case basis.

Re:If you are open to it, try out linux+wine again

[TheDarkMaster]

Your point is interesting but let me summarize my experience with Linux so far:

In Windows up to version 7, the order is "updates accommodating the old code". The new things works but your old aplications (and some of then can be indeed very old) keeps working;

In Linux the order is "updates breaking the old code". The new things works but only luck will make your old applications work;

And now, to my dismay, the order in Windows 10 is also "updates breaking the old code".

As in..

Scotty doing this in Star Trek 4?

https://m.youtube.com/watch?v=hShY6xZWVGE