Microsoft's digital assistant is in every version of Windows 10 and security researchers McAfee found that Cortana can be enabled from the lock screen to run malware.
A hacker who has physical access to a computer will be able to ask Cortana to access files from USB and run the programs on the USB.
Files run by Cortana may be a Powershell program or script that can be used to change Windows account password 10. This attack takes advantage of Cortana's ability to listen to commands even when the Windows 10 computer is locked.
In addition, this attack also makes use of the fact that Windows 10 routinely tidy up files for those files available in the Cortana search interface.
McAfee recommends shutting down Cortana from the lock screen. Indeed, Microsoft has provided patches to cover this latest flaw. However, it is possible that many computers did not immediately get the update.