Описание
Windows 10 Mobile Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in Windows 10 Mobile when Cortana allows a user to access files and folders through the locked screen. An attacker who successfully exploited this vulnerability could access the photo library of an affected phone and modify or delete photos without authenticating to the system.
To exploit the vulnerability, an attacker would require physical access and the phone would need to have Cortana assistance allowed from the lock screen.
Обходное решение
The following workaround can protect users from this vulnerability by disabling access to Cortana on the phone lock screen. This can be accomplished by following these steps:
- Open the Cortana app from the applications screen.
- Tap on the Menu button (3 horizontal bars) in the top left of the Cortana app.
- Tap on Settings option.
- Set the slider for the Lock Screen option to Off to prevent access to Cortana when the device is locked.
FAQ
Where do I find the update for Windows 10 Mobile?
Microsoft is not planning on fixing this vulnerability in Windows 10 Mobile. Microsoft recommends implementing the workaround to restrict access to Cortana.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
Связанные уязвимости
A security feature bypass vulnerability exists in Windows 10 Mobile when Cortana allows a user to access files and folders through the locked screen, aka 'Windows 10 Mobile Security Feature Bypass Vulnerability'.
A security feature bypass vulnerability exists in Windows 10 Mobile when Cortana allows a user to access files and folders through the locked screen, aka 'Windows 10 Mobile Security Feature Bypass Vulnerability'.
Уязвимость голосового помощника Cortana операционных систем Windows 10 Mobile, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS