Cortana is a virtual personal assistant that handles a number of tasks, it can get at reminders, telling jokes and to answer question Cortana uses Bing search engine.
McAfee Security researcher Cedric Cochin identified the Cortana Elevation of Privilege Vulnerability and it was tracked as CVE-2018-8140.
Cochin says the problem is with Cortana default settings respond to any voice calling “Hey Cortana” from the lock screen which can be abused by the attackers to interact with the operating system even if the computer is locked.
By saying “Hey Cortana” users can bring a contextual menu on the locked device login screen, where users can type to search for files present in the system and the Cortana brings the results from indexed files and applications.
If you have the filename matching it shows the file location and if the content matches it presents the content itself.
Attackers can use these methods to execute dropped payload on the system as an administrator by just right-click on the file and “Run as administrator“.
Researchers used simple PowerShell command to execute the code that presents in the USB drive to bypass the policy and to reset the password to log in with the windows 10 machine.
To mitigate the attack users need to turn off Cortana on the lock screen and this issue has been resolved with the recently released Microsoft Tuesday security updates.