Thu. Nov 14th, 2019

Microsoft refused to fix the Windows 10 Mobile security feature bypass vulnerability

1 min read

Microsoft acknowledges a security vulnerability on Windows 10 Mobile that “allows a user to access files and folders through the locked screen“. The good news is that the vulnerability only exists when Cortana is enabled on the lock screen, but the bad news is that Microsoft said it will not fix the vulnerability.

Windows zero day flaws

Microsoft said:

An attacker who successfully exploited this vulnerability could access the photo library of an affected phone and modify or delete photos without authenticating to the system.

However, to exploit this vulnerability, the attacker needs physical access to the phone and needs to Cortana is enabled on the lock screen. This vulnerability exists in all Windows 10 Mobile, but Microsoft said there is no evidence that hackers exploit the vulnerability to steal data. If you are still using Cortana, the only solution is to disable Cortana in a lock screen.

Microsoft provides the following steps to protect your phone:

  1. Open the Cortana app from the applications screen.
  2. Tap on the Menu button (3 horizontal bars) in the top left of the Cortana app.
  3. Tap on Settings option.
  4. Set the slider for the Lock Screen option to Off to prevent access to Cortana when the device is locked.