by Tom Warren, The Verge
Cortana on the lock screen has some security exploits.
Microsoft has issued a Windows 10 security update to prevent hackers from breaking into PCs using Cortana. Microsoft’s digital assistant is built into every version of Windows 10, McAfee security researchers discovered it could be summoned from a lock screen to execute malicious software. Any potential hacker would need physical access to a PC, and McAfee details methods to get the digital assistant to index files from a USB drive and execute them.
These files could be executable ones, or Powershell scripts that can even go as far as resetting a Windows 10 account password. The clever attack preys on the ability of Cortana to listen for commands while a Windows 10 PC is locked, combined with the fact the operating system regularly indexes files to make them available in the search interface that Cortana accesses.