Cortana is a virtual personal assistant that handles a number of tasks, it can get at reminders, telling jokes and to answer question Cortana uses Bing search engine.
Cochin says the problem is with Cortana default settings respond to any voice calling “Hey Cortana” from the lock screen which can be abused by the attackers to interact with the operating system even if the computer is locked.
By saying “Hey Cortana” users can bring a contextual menu on the locked device login screen, where users can type to search for files present in the system and the Cortana brings the results from indexed files and applications.
If you have the filename matching it shows the file location and if the content matches it presents the content itself.
Attackers can use these methods to execute dropped payload on the system as an administrator by just right-click on the file and “Run as administrator“.
To mitigate the attack users need to turn off Cortana on the lock screen and this issue has been resolved with the recently released Microsoft Tuesday security updates.