Mar 11 2019
02:14 AM
- last edited on
Feb 19 2021
04:58 AM
by
TechCommunityAP
Mar 11 2019
02:14 AM
- last edited on
Feb 19 2021
04:58 AM
by
TechCommunityAP
My new company's InfoSec staff has security concerns about Cortana and has it disabled. Can anyone provide me some second opinions about the basis and validity of these concerns?
Mar 13 2019 12:42 PM - edited Mar 13 2019 01:01 PM
Hi Dean,
Disabling Cortana (on the lock screen only) was only recommended as a workaround for people who couldn't or hadn't yet applied the patch. Applying the patch resolves the issue:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8140
The original McAfee article, by the researchers who discovered the vulnerability, also recommends the patch and only suggests disabling on the lock screen in the absence of the patch:
I hope that helps.