A fairly large security hole was recently exposed in Windows 10 that allows an attacker to use Cortana to run code on a host without being logged in to it. As described by MSPoweruser in this well-documented article, an attacker can leverage Cortana to run PowerShell, which can effectively allow the modification of a user account’s password, granting the attacker entry even if the system is BitLocker-enabled. The only thing the attacker needs is physical access to the system.
While Cortana is a useful tool, this discovery shows that it clearly poses a threat to endpoint security. IT administrators using JumpCloud can take advantage of our system policies to disable Cortana nearly instantly.
To do so, open the “Disable Cortana” Windows policy, enable it, and bind it to the Group of Systems on which you want Cortana disabled.
Please feel free to contact our Customer Success team with any further inquiries related to enabling system policies, or for any guidance you may need while securing your Windows, Mac, and Linux systems at large. You can also see at a glance the various policies now supported out of the box. In addition, you can use JumpCloud’s Commands feature to execute code (e.g. PowerShell) to apply custom policies and settings to systems en masse.
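As an added example (not JumpCloud's own code, and not a statement of what the built-in “Disable Cortana” policy does internally), the following PowerShell script is the kind of custom setting that could be pushed as a command: it sets the standard Windows Group Policy registry values `AllowCortana` and `AllowCortanaAboveLock` to 0, then re-reads them to confirm. It assumes an elevated session; the variable names are illustrative.

```powershell
# Added example: disable Cortana, including on the lock screen, via the
# machine-wide Windows Search policy key. Assumes an elevated session.
$ErrorActionPreference = 'Stop'

# Registry key that backs the "Allow Cortana" Group Policy settings.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search'

# Desired state: Cortana off, and never reachable above the lock screen.
$desired = [ordered]@{
    AllowCortana          = 0
    AllowCortanaAboveLock = 0
}

# The policy key does not exist on a default install; create it if needed.
if (-not (Test-Path -Path $key)) {
    New-Item -Path $key -Force | Out-Null
}

$failed = @()
foreach ($name in $desired.Keys) {
    # Read the current value; $null means the policy was never set.
    $before = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    if ($before -ne $desired[$name]) {
        New-ItemProperty -Path $key -Name $name -Value $desired[$name] `
            -PropertyType DWord -Force | Out-Null
    }

    # Re-read so the command output records the state actually on disk.
    $after = (Get-ItemProperty -Path $key -Name $name).$name
    $shown = if ($null -eq $before) { '<unset>' } else { $before }
    Write-Output ("{0}: before={1} after={2}" -f $name, $shown, $after)

    if ($after -ne $desired[$name]) { $failed += $name }
}

# A non-zero exit code lets the management console flag hosts that drifted.
if ($failed.Count -gt 0) {
    Write-Output ("NOT APPLIED: " + ($failed -join ', '))
    exit 1
}
exit 0
```

The script is idempotent, so it can be re-run on a schedule as a compliance check: hosts already in the desired state report `before=0 after=0` and exit 0.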