A Vulnerability in Cortana, Now Patched, Allowed Attacker To Access a Locked Computer, Change Its Password

Catalin Cimpanu, reporting for BleepingComputer: Microsoft has patched a vulnerability in the Cortana smart assistant that could have allowed an attacker with access to a locked computer to use the smart assistant and access data on the device, execute malicious code, or even change the PC's password to access the device in its entirety. The issue was discovered by Cedric Cochin, Cyber Security Architect and Senior Principle Engineer at McAfee. Cochin privately reported the problems he discovered to Microsoft in April. The vulnerability is CVE-2018-8140, which Microsoft classified as an elevation of privilege, and patched yesterday during the company's monthly Patch Tuesday security updates. Further reading: Microsoft Explains How it Decides Whether a Vulnerability Will Be Patched Swiftly or Left For a Version Update.

Bounty

[SumDog]

He better have gotten a huge bug bounty for that. Remove code and auth changes via Cortana? That's gotta be worth at least the $10k PornHub paid for their PHP remote code execution (which wasn't even a PornHub bug, but a PHP one; so that company collected the PHP bounty on top of it as well).

Re: Bounty

He go a thank you note and a box of tissues. Better luck next year champ.

Re: Bounty

[gweihir]

If so, he will probably sell on the vulnerability market for >> 100k next time. People want to be honest, but the conditions need to reasonably support that decision.

So, given the pace of new features in Win10

[IWantMoreSpamPlease]

How long before this bug is re-introduced?
It's continually blows my mind people *voluntarily* use Win10...the track record of show-stopping problems with this OS is well known.

Re:So, given the pace of new features in Win10

Most modern software that is used in the business world requires Windows 10. The telepresence and collaboration features are world-class and provide a huge boost to productivity and TTM. We have competitors that struggle along with other solutions and we're constantly celebrating wins over them, on nearly every opportunity.

Re:So, given the pace of new features in Win10

[ole_timer]

why would anyone add Cortana and enable voice commands? (ahh - facebook users might - that's another whole level of stupidness)

Re:So, given the pace of new features in Win10

[Solandri]

The bugs don't bother me - they're inevitable. It's the "features" that are deliberately put into Win 10 which annoy me most. I changed the program associated with several file types to non-Microsoft programs soon after upgrading to Win 10. After last week's patch, instead of launching the program when double-clicking on the associated file type, it popped up the standard "no associated program" dialog and asked if I wouldn't rather want to use the Microsoft product instead of the one I'd selected.

If I went to the trouble to change the default to a different program, that should be a pretty clear indication that I don't want to use the default Microsoft program. Please stop bugging me about it. This is supposed to be an operating system that I paid for, not an advertising platform. I'm worried we're headed down the same path as Cable TV - where originally you paid for cable so you wouldn't have to watch ads like on broadcast TV. But soon the cable channels figured out they could charge you for the channel AND put ads in their programming.

Re:So, given the pace of new features in Win10

[gweihir]

Indeed. It is not that MS has gotten even more incompetent. It is that they just do not have what it takes to run a release model like the one of Win10.

Re:So, given the pace of new features in Win10

[gweihir]

And then you look at what most Fortune-500 companies actually run internally, and you find it is not Win10. I know, for example, one that finished the migration to Win7 only 2 years ago or so and will not move to Win10 at all. Instead they will move to web-terminals and Servers on RHEL. Win10 is a very bad deal for everybody (including, funnily, MS), and a lot of people are seeing that pretty clearly.

Re:So, given the pace of new features in Win10

[gweihir]

There are a lot of people that are unable to make a distinction between "new" and "good idea". At least that is the only explanation for this stupidity I have.

Re:So, given the pace of new features in Win10

[ole_timer]

just because you can and should you are very different...

Re:So, given the pace of new features in Win10

[Known+Nutter]

"Most" - such a weasel word.

I can tell you first hand that #13 on that 500 list is Windows 10 wall-to-wall at the workstation. And #41 and #368 are Win 7/10 mix. Both will remain there for the foreseeable future.

Fortune 500 companies employee 28.2 million people worldwide. Average that out, and those three examples above represent about 169,000 seats. It's a drop in the bucket, sure, but I bet if you really took an *honest* look at what F500 companies actually run internally (at the workstation) you will probably find many more that run Win 7/10, a number I would venture to say probably approaches "most".

Re:So, given the pace of new features in Win10

[gweihir]

What are you even talking about? I pointed out an example that does run Win7 and does not intend to ever go to Win10. And you are talking about "Win7/10"? Have you by accident responded to the wrong posting?

Re:So, given the pace of new features in Win10

[gweihir]

My personal estimation is they always were about this incompetent, but with massive effort managed to hide part of it before. I may be wrong, of course, and the very decision to go to the model Win10 uses may be an indicator in that direction.

Re:So, given the pace of new features in Win10

[Marnhinn]

The grandparent rather obviously disagreeing with this statement,"And then you look at what most Fortune-500 companies actually run internally, and you find it is not Win10." The grandparent then provides a few counter examples to your argument and even gives a sample size for how relevant the grandparent's example is vs yours. Is English not your first language?

I'm going to disagree with this one, "Win10 is a very bad deal for everybody (including, funnily, MS),"

I work for MS, on Windows; we don't consider it a bad deal, and in fact wished more of the customers on legacy versions of Windows would move to it. It has its challenges mind you, but we do not consider it a bad deal at all.

I realize this is /. and it's "cool" to be anti-MS, but it's also cool to be right occasionally.

Cortana is like Internet Explorer

[xack]

Far too integrated into the operating system for it's own good.

Re:Cortana is like Internet Explorer

[Dwedit]

Step 1: Open administrator command prompt
Step 2: Kill Explorer
Step 3: Kill all the Cortana processes (Explorer automatically restarts them)
Step 4: Using administrator command prompt, Rename C:\windows\SystemApps\Microsoft.Windows.Cortana_something to have .old at the end so Windows can't start it any more.

Warning: May possibly break Windows Update? Not sure.

Cortana == Clippy Junior

[pecosdave]

I thought so from the start, but when they made it so you couldn't fully disable Cortana, then I knew it for sure.

Just like Office of the Clippy era, it's introducing vulnerabilities you can't fix unless you hack the system beyond Microsoft's specifications.

Did you have to simply say "Please"?

[devslash0]

https://imgs.xkcd.com/comics/s...

Re:Did you have to simply say "Please"?

[gweihir]

You have a fundamental misunderstanding there: "sudo" gives you the power of command, you know, like in the *nix world. Saying "please" is a thing you need to do in Windows only, where you are a lowly user to be interfaced but not empowered.

Re: I patched my system ages ago

How to Uninstall and remove the MS A.I. Node key logging spyware known as Cortana :

https://winaero.com/blog/how-to-uninstall-and-remove-cortana-in-windows-10/

Past tense?

[WoodstockJeff]

"Microsoft has patched a vulnerability in the Cortana smart assistant that ALLOWS an attacker with access to a locked computer to use the smart assistant and access data on the device, execute malicious code, or even change the PC's password to access the device in its entirety."

The patch was released 1 day ago. This vulnerability still exists for every Cortana-equipped computer that has not yet been updated.

And how many people refuse to update because updates have a history of breaking things?

Not vulnerable anymore

[TheDarkMaster]

Using Windows 7 again. After the disastrous 1803 update I decided to stop playing beta operating system tester.

Re:Not vulnerable anymore

[TheDarkMaster]

I plan to stay using Windows 7 as long as I could, internet access is not really a "horrible" problem when you have good practices using a browser. Linux will only be an option when those responsible for it take their collective heads off their butts and focus on creating a usable and stable desktop environment. The current trend looks like "UX Developers on Drugs" and now even the Windows 10 UX developers are on drugs too, so I will stay on Seven.

Re:Not vulnerable anymore

[gweihir]

Since it is not feature stable, I will go ahead and call Win10 "alpha" quality.

Re:Non-Sequarurrrrrr???

[halivar]

Welcome to Slashdot. The first post is always something about Donald Trump, "gay n*****s", apping apps for luddites, or, if you are very very lucky, something about Golden Girls and cosmonauts.

If you are very very unlucky, it's spam about a custom hosts file.

Re: I patched my system ages ago

[sysstemlord]

The only time I felt that I love my country, is when my Windows 10 said that Cortana isn't support in my country or region, and never started on my PC.

Re:If you are open to it, try out linux+wine again

[TheDarkMaster]

Your point is interesting but let me summarize my experience with Linux so far:

In Windows up to version 7, the order is "updates accommodating the old code". The new things works but your old aplications (and some of then can be indeed very old) keeps working;

In Linux the order is "updates breaking the old code". The new things works but only luck will make your old applications work;

And now, to my dismay, the order in Windows 10 is also "updates breaking the old code".

Re: I patched my system ages ago

[Trax3001BBS]

How to Uninstall and remove the MS A.I. Node key logging spyware known as Cortana :

https://winaero.com/blog/how-to-uninstall-and-remove-cortana-in-windows-10/

Running Process Explorer https://docs.microsoft.com/en-... if searchUI is listed Cortana is running

I dual boot Linux Mint, from there I rename the file X:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy by adding -something to the end of it.
I don't uninstall it as each update reinstalls it (last one did).

Re: I patched my system ages ago

[Trax3001BBS]

I dual boot Linux Mint, from there I rename the file X:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy by adding -something to the end of it.
I don't uninstall it as each update reinstalls it (last one did).

I've had to remove the rename, leaving the directory as it was.

This update crates a new directory with the same name adding close to 30 new .DLL's. Rebooting and removing same as it claims update didn't work. Next time I reboot it runs the update again - it's a stand off.

After updating, renamed the directory again and all is fine.

So those who uninstalled, I can only imagine the mess they are in.