Security News > 2021 > July > Microsoft fixes Windows Hello authentication bypass vulnerability

Microsoft fixes Windows Hello authentication bypass vulnerability
2021-07-13 19:32

Microsoft has addressed a security feature bypass vulnerability in the Windows Hello authentication biometrics-based tech, letting threat actors spoof a target's identity and trick the face recognition mechanism into giving them access to the system.

As discovered by CyberArk Labs security researchers, attackers can create custom USB devices that Windows Hello will work with to completely circumvent Windows Hello's facial recognition mechanism using a single valid IR frame of the target.

Tsarfati reported the Windows Hello vulnerability tracked as CVE-2021-34466 and rated as Important severity to Microsoft in March.

Microsoft has released Windows 10 security updates to address the CVE-2021-34466 Windows Hello Security Feature Bypass Vulnerability as part of the July 2021 Patch Tuesday.

According to Redmond, Windows Hello customers with biometric sensor hardware and drivers with support for Enhanced Sign-in Security are not exposed to attacks abusing this security flaw.

"Customers with Windows Hello Enhanced Sign-in Security are protected against such attacks which tamper with the biometrics pipeline," Microsoft said in a statement.


News URL

https://www.bleepingcomputer.com/news/security/microsoft-fixes-windows-hello-authentication-bypass-vulnerability/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-07-16 CVE-2021-34466 Authentication Bypass by Spoofing vulnerability in Microsoft Windows 10
Windows Hello Security Feature Bypass Vulnerability
0.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399