New Search

Microsoft Cortana Elevation of Privilege Vulnerability - CVE-2018-8253

oval:org.cisecurity:def:6007

An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen. An attacker who successfully exploited the vulnerability could steal browser stored passwords or log on to websites as another user. To exploit the vulnerability an attacker would require physical access to the console and the system must have Microsoft Cortana assistance enabled. The security update addresses the vulnerability by preventing Microsoft Cortana from allowing arbitrary website browsing on the lockscreen.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2016
  • Microsoft Windows 10
Class:
vulnerability
Reference(s):
  • CVE-2018-8253
  • MSRC-CVE-2018-8253
  • KB4343887
Product(s):