Vulnerability in Windows Hello allows hackers to bypass biometric security on business PCs

A vulnerability has been identified in the Windows Hello for Business (WHfB) authentication system that allows attackers to bypass the biometric protection of computers and laptops. Despite its use of cryptographic keys, WHfB was susceptible to a downgrade attack that reduces the level of authentication security, Dark Reading reports.


WHfB is a feature available in commercial and enterprise editions of Windows 10 since 2016. It uses cryptographic keys stored in the computer’s Trusted Platform Module (TPM) and is activated using biometric or PIN authentication. The feature was supposed to provide a higher level of security compared to passwords or one-time passwords (OTP) sent via SMS.

The vulnerability lets an attacker lower the level of authentication security and gain access to user accounts. By intercepting and modifying POST requests to the Microsoft authentication service, the attacker can downgrade WHfB to less secure verification methods such as passwords or OTP.

Microsoft created a patch to address the vulnerability in March, adding a new conditional access feature called Authentication strength that administrators can now enable in the Azure Portal. With the update, administrators can require that only phishing-resistant authentication methods be used, leaving no room for security compromises.

Experts emphasize that the WHfB system itself remains secure, but organizations need to properly configure conditional access policies to prevent the possibility of downgrading authentication security.
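
One way to check the configuration point above, as an added example that is not from the article or from Microsoft: a Python audit of exported Conditional Access policies that flags any policy that does not enforce the built-in phishing-resistant authentication strength. Field names follow the Microsoft Graph conditionalAccessPolicy resource; the sample policies are constructed, and custom authentication strengths are assumed to be out of scope.

```python
# Added example: audit Conditional Access policies for authentication-downgrade exposure.
# Field names follow the Microsoft Graph conditionalAccessPolicy resource.

# Id of the built-in "Phishing-resistant MFA" authentication strength.
# Assumption: custom strengths are out of scope and are reported as findings.
PHISHING_RESISTANT_ID = "00000000-0000-0000-0000-000000000004"

# Constructed sample export, not taken from a real tenant.
SAMPLE_POLICIES = [
    {"displayName": "Require MFA for all users", "state": "enabled",
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"],
                       "authenticationStrength": None}},
    {"displayName": "Require phishing-resistant auth", "state": "enabled",
     "grantControls": {"operator": "OR", "builtInControls": [],
                       "authenticationStrength": {"id": PHISHING_RESISTANT_ID}}},
    {"displayName": "Strength pilot", "state": "enabledForReportingButNotEnforced",
     "grantControls": {"operator": "OR", "builtInControls": [],
                       "authenticationStrength": {"id": PHISHING_RESISTANT_ID}}},
    {"displayName": "Strength or compliant device", "state": "enabled",
     "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"],
                       "authenticationStrength": {"id": PHISHING_RESISTANT_ID}}},
]

def audit_policy(policy):
    """Return findings for one policy; an empty list means the strength is enforced."""
    findings = []
    grant = policy.get("grantControls") or {}
    strength = grant.get("authenticationStrength") or {}
    builtin = grant.get("builtInControls") or []
    if policy.get("state") != "enabled":
        findings.append("not enforced (state=%s)" % policy.get("state"))
    if strength.get("id") != PHISHING_RESISTANT_ID:
        findings.append("no phishing-resistant authentication strength")
    elif grant.get("operator") == "OR" and builtin:
        # With OR, any single control satisfies the policy, so the strength is optional.
        findings.append("strength optional: OR with " + ",".join(builtin))
    return findings

def audit(policies):
    """Map each policy name to its findings."""
    return {p["displayName"]: audit_policy(p) for p in policies}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_POLICIES).items():
        print(name, "->", findings or "OK")
```

A policy that grants access on plain `mfa`, runs in report-only mode, or combines the strength with another control under `OR` still leaves a weaker sign-in path available.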
