WARNING: Update Windows 10 NOW

Major Microsoft security flaw could let hackers use Cortana to bypass your password and access private files your computer

Security experts have warned about a major security flaw in Windows that allows hackers to bypass the password on your computer and access your private files.

The cyber attack leverages a vulnerability in digital assistant Cortana.

The Microsoft voice assistant is built into every version of Windows 10 and is designed to schedule calendar appointments, check the weather, set reminders, send emails, and more.

However, the latest security flaw could enable hackers to browse your private files, install a virus, and even reset your password – locking you out of your own machine.

The hack, which works on password-protected PCs, was discovered by McAfee security researchers.

When Windows 10 is installed with default settings, Cortana is accessible from the lock screen.

However, McAfee experts were also able to summon the window that houses Cortana on the desktop interface simply by typing with any key while Cortana is listening to a query.

The researchers were able to search for files saved on the computer and read file names and details, as well as, in some cases, a short preview of the text stored inside – all from the lock screen.

This flaw could potentially leak sensitive information from the locked laptop.

Worse still, McAfee experts were able to use this Cortana menu to open malicious files stored on USB drives plugged into the computer.

This was possible because of the almost-constant indexing performed by Cortana in the background of Windows 10.

This indexing process is what enables Cortana to find the files on your computer.

However, it also allows hackers to find their own malicious apps stored on a USB, which was inserted into the computer after the owner had locked the system.

These malicious apps can be used to change passwords, infect Windows 10 with viruses, and get unfettered access to the machine.