Open Sesame: Although Microsoft is reportedly trying to make Windows 10 safer, there are bugs in some features that make the life of hackers very easy.
A new thing called Open Sesame allows hackers to run malicious code on a Windows 10 computer using only their voice.
The bug is in the digital assistant Cortana and it was revealed by a group of researchers at the Black Hat conference in Las Vegas.
Researchers report that with this bug anyone could gain access to sensitive files, connect to malicious sites, download and execute infected files, and gain increased privileges (administrator level) on a locked computer.
All of these can happen because the UI in Windows 10 allows them to run applications στο παρασκήνιο ενώ ο υπολογιστής είναι κλειδωμένος. Έτσι χωρίς να χρειάζεται πρόσβαση στο ποντίκι ή το keyboard of the device, the digital assistant Cortana can run several processes.
Security researchers Amichai Shulman, Tal Be'ery of Kzen Networks, and Ron Marcovich and Yuval Ron of the Israel Institute of Technology discovered the flaw and reported it to Microsoft in April, according to a ThreatPost report (Black Hat 2018: Cortana Flaw Allowed Takeover of Locked Windows 10 Device).
The Open Sesame error has already been documented by the code name CVE-2018-8140 and Microsoft reports that no exploit has yet been disclosed.
The flaw exists in Windows 10 Fall builds Creators Update (build 1709) and April 2018 Update (build 1803).
Open Sesame, What can you do? Updates are already running, so just let your system know.
_________________________________
- Passwords saved on your sleeve? and yet yes!
- US visa? social accounts, email, and phone numbers
- Facebook: best to apologize for permission
- Internet: Is decentralization possible? What does the blockchain do?
