Security News > 2021 > July > Microsoft fixes Windows Hello authentication bypass vulnerability

Microsoft has addressed a security feature bypass vulnerability in the Windows Hello authentication biometrics-based tech, letting threat actors spoof a target's identity and trick the face recognition mechanism into giving them access to the system.

As discovered by CyberArk Labs security researchers, attackers can create custom USB devices that Windows Hello will work with to completely circumvent Windows Hello's facial recognition mechanism using a single valid IR frame of the target.

Tsarfati reported the Windows Hello vulnerability tracked as CVE-2021-34466 and rated as Important severity to Microsoft in March.

Microsoft has released Windows 10 security updates to address the CVE-2021-34466 Windows Hello Security Feature Bypass Vulnerability as part of the July 2021 Patch Tuesday.

According to Redmond, Windows Hello customers with biometric sensor hardware and drivers with support for Enhanced Sign-in Security are not exposed to attacks abusing this security flaw.

"Customers with Windows Hello Enhanced Sign-in Security are protected against such attacks which tamper with the biometrics pipeline," Microsoft said in a statement.

News URL

https://www.bleepingcomputer.com/news/security/microsoft-fixes-windows-hello-authentication-bypass-vulnerability/