Microsoft fixes Windows Hello authentication bypass vulnerability

2021-07-13 19:32

Microsoft has addressed a security feature bypass vulnerability in the Windows Hello authentication biometrics-based tech, letting threat actors spoof a target's identity and trick the face recognition mechanism into giving them access to the system.

As discovered by CyberArk Labs security researchers, attackers can create custom USB devices that Windows Hello will work with to completely circumvent Windows Hello's facial recognition mechanism using a single valid IR frame of the target.

Tsarfati reported the Windows Hello vulnerability tracked as CVE-2021-34466 and rated as Important severity to Microsoft in March.

Microsoft has released Windows 10 security updates to address the CVE-2021-34466 Windows Hello Security Feature Bypass Vulnerability as part of the July 2021 Patch Tuesday.

According to Redmond, Windows Hello customers with biometric sensor hardware and drivers with support for Enhanced Sign-in Security are not exposed to attacks abusing this security flaw.

"Customers with Windows Hello Enhanced Sign-in Security are protected against such attacks which tamper with the biometrics pipeline," Microsoft said in a statement.

News URL

https://www.bleepingcomputer.com/news/security/microsoft-fixes-windows-hello-authentication-bypass-vulnerability/

#authentication #bypass #microsoft #vulnerability #windows #CVE-2021-34466

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2021-07-16	CVE-2021-34466	Authentication Bypass by Spoofing vulnerability in Microsoft Windows 10 Windows Hello Security Feature Bypass Vulnerability microsoft CWE-290	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Microsoft		381	52	1423	2928	176	4579

News URL

Related news

Related Vulnerability

Related vendor