CVE-2019-1314 Windows 10 Mobile Security Feature Bypass Vulnerability



    Posted: 10 Oct 2019

    Security Vulnerability

    Published: 10/08/2019
    MITRE CVE-2019-1314

    A security feature bypass vulnerability exists in Windows 10 Mobile when Cortana allows a user to access files and folders through the locked screen. An attacker who successfully exploited this vulnerability could access the photo library of an affected phone and modify or delete photos without authenticating to the system.

    To exploit the vulnerability, an attacker would require physical access and the phone would need to have Cortana assistance allowed from the lock screen.

    Exploitability Assessment

    The following table provides an exploitability assessment for this vulnerability at the time of original publication.

    Publicly Disclosed: No
    Exploited: No
    Latest Software Release: 2 - Exploitation Less Likely
    Older Software Release: 2 - Exploitation Less Likely
    Denial of Service: Not Applicable

    Security Updates

    To determine the support life cycle for your software version or edition, see the Microsoft Support Lifecycle.

    Product: Windows 10 Mobile
    Platform:
    Article:
    Download:
    Impact: Security Feature Bypass
    Severity: Important
    Supersedence:

    Mitigations

    Microsoft has not identified any mitigating factors for this vulnerability.

    Workarounds

    The following workaround can protect users from this vulnerability by disabling access to Cortana on the phone lock screen. This can be accomplished by following these steps:

    1. Open the Cortana app from the applications screen.
    2. Tap on the Menu button (3 horizontal bars) in the top left of the Cortana app.
    3. Tap on the Settings option.
    4. Set the slider for the Lock Screen option to Off to prevent access to Cortana when the device is locked.

    FAQ

    Where do I find the update for Windows 10 Mobile?

    Microsoft is not planning on fixing this vulnerability in Windows 10 Mobile. Microsoft recommends implementing the workaround to restrict access to Cortana.

    Acknowledgements

    Yuval Ron, Amichai Shulman, and Eli Biham of Technion - Israel Institute of Technology
    See acknowledgements for more information.

    Disclaimer

    The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

    Revisions

    Version   Date         Description
    1.0       10/08/2019   Information published.

    Source: https://portal.msrc.microsoft.com/en.../CVE-2019-1314
    Posted By: Brink


 
