Patched Cortana Bug Let Hackers Change Your Password From the Lock Screen

A Cortana bug meant hackers could change the password on locked PCs, but they had to ask really really politely…by which I mean execute a bizarre series of steps.

RELATED: How to Disable Cortana on the Windows 10 Lock Screen

The vulnerability, since patched by Microsoft, all starts with an attacker saying “Hey Cortana” and then typing. This triggered a bug that allowed anyone to search for files on a locked PC. Then attackers could right-click the search results, which really opens things up. Here’s Catalin Cimpanu, writing for Bleeping Computer:

Users can access the right-click menu after…triggering Cortana. This menu includes various sensitive options, such as “Open file location,” “Copy full path,” “Run as Administrator,” or, the more dangerous one, “Run with PowerShell.”

Yeah, once someone can run PowerShell scripts you’re pretty much hosed. Microsoft has since patched this issue, but if you’re still concerned consider locking Cortana in the Windows 10 lock screen, just to be sure.

Justin Pot is the News Editor for How-To Geek. He lives in Hillsboro, Oregon and runs the Hillsboro Signal, which offers local citizen journalism. Follow Justin on Twitter and Facebook, if you want. You don't have to.