Hackers can summon Cortana to break into Windows 10 PCs


Microsoft has issued a Windows 10 security update to prevent hackers from breaking into PCs using Cortana. Microsoft’s digital assistant is built into every version of Windows 10, and McAfee security researchers discovered it could be summoned from a lock screen to execute malicious software. Any potential hacker would need physical access to a PC, and McAfee details methods to get the digital assistant to index files from a USB drive and execute them.

These files could be executables, or PowerShell scripts that can even go as far as resetting a Windows 10 account password. The clever attack preys on the ability of Cortana to listen for commands while a Windows 10 PC is locked, combined with the fact that the operating system regularly indexes files to make them available in the search interface that Cortana accesses.

McAfee recommends turning off Cortana on the lock screen to prevent the attack, which is particularly relevant in business environments. While Microsoft has patched this vulnerability with its latest security updates released yesterday, many machines won’t be running the latest updates just yet.


Digital "assistants" are both annoying and unnecessary. How about you give us a way to disable them instead of forcing us to work around them?

Nobody is forcing you to use your digital assistant… They just make life more convenient; especially when you want to go hands free on certain tasks.

Really? Then tell me how to disable it completely. It runs constantly in the background and is a way for MS to mine your personal data.

"Digital assistant… DIGITAL ASSISTANT! I don need no stinking DIGITAL ASSISTANT!!"

If you don’t set up Cortana, it is not mining your personal data. It’s the front end for the quick search feature so yeah SearchUI.exe is always running. How else do you search?

Cortana is not something I want or need on my PC and she is disabled on mine, but I had to go into the registry to do it, twice, if I remember correctly, because an update reenabled her. There are instructions out there.

It seems that mindshare is already lost with Cortana and that the victors in the digital assistant "wars" are Amazon, Google, and perhaps Apple. But not Microsoft.

"Open ses-a-me!" Works great. Well done Cortina.

What if Microsoft by default denies authorization to execute programs when a USB stick is inserted while your screen is locked?
The only files that would be possible to open while the machine is locked are photos/music/video, everything else should have access denied.
Just my 2 cents.

For anyone looking to disable Cortana’s interfacing functionality:

Type gpedit.msc in the taskbar search bar and hit Enter to open the Local Group Policy Editor.

Navigate to: Computer Configuration > Administrative Templates > Windows Components > Search.

Double-click on "Allow Cortana".

Select Disabled, click Apply, then click Next Setting which should take you to "Allow Cortana above the lock screen". Select Disabled, click Apply, then click OK.

You may need to reboot for this setting to take effect.

NOTE: Even after these changes, the Cortana process will still be running on your computer (doing what, only Microsoft knows), but the Cortana interface and ability to run commands from the lock screen, as detailed in this article, should be disabled.

Not all versions of Windows have group policy edit.

If you just want to disable it on the lock screen then you can just flick the toggle in settings.
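For machines without the Local Group Policy Editor, the two settings named in the Group Policy comment above ("Allow Cortana" and "Allow Cortana above the lock screen") can be audited, and optionally set, from PowerShell. This is an added example, not part of the article or any comment; it assumes the policies are backed by the `AllowCortana` and `AllowCortanaAboveLock` DWORD values under the Windows Search policy key (names the page does not give), and the `-Enforce` switch is a hypothetical parameter of this script.

```powershell
# Added example: report whether both Cortana policies are set to Disabled (0).
# Assumption: the registry path and value names below back the two policies;
# they do not appear on the page.
[CmdletBinding()]
param(
    [switch]$Enforce   # hypothetical switch: write the values instead of only reporting
)

$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search'
$Wanted = [ordered]@{
    AllowCortana          = 0   # "Allow Cortana" = Disabled
    AllowCortanaAboveLock = 0   # "Allow Cortana above the lock screen" = Disabled
}

function Get-PolicyValue {
    param([string]$Name)
    # Returns $null when the key or value is absent (policy "Not Configured").
    $item = Get-ItemProperty -Path $PolicyKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

if ($Enforce) {
    # Writing under HKLM needs an elevated session; fail early with a clear message.
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this script from an elevated PowerShell session to use -Enforce.'
    }
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    foreach ($name in $Wanted.Keys) {
        Set-ItemProperty -Path $PolicyKey -Name $name -Value $Wanted[$name] -Type DWord
    }
}

# Build one row per policy so drift is visible at a glance.
$report = foreach ($name in $Wanted.Keys) {
    $current = Get-PolicyValue -Name $name
    [pscustomobject]@{
        Policy    = $name
        Current   = if ($null -eq $current) { 'Not configured' } else { $current }
        Expected  = $Wanted[$name]
        Compliant = ($current -eq $Wanted[$name])
    }
}
$report | Format-Table -AutoSize
```

Running the audit again after Windows updates shows whether the values are still in place, which matters given the comment above reporting that an update re-enabled Cortana.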

The surveillance state has it so easy these days.

It’s too easy…
