{"id":89683,"date":"2018-06-14T14:34:15","date_gmt":"2018-06-14T21:34:15","guid":{"rendered":"https:\/\/securingtomorrow.mcafee.com\/?p=89683"},"modified":"2025-06-08T18:16:58","modified_gmt":"2025-06-09T01:16:58","slug":"unintended-clipboard-paste-function-in-windows-10-leads-to-information-leak-in-rs1","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/unintended-clipboard-paste-function-in-windows-10-leads-to-information-leak-in-rs1\/","title":{"rendered":"Unintended Clipboard Paste Function in Windows 10 Leads to Information Leak in RS1"},"content":{"rendered":"

The McAfee Labs Advanced Threat Research team has been investigating the Windows 10 platform. We have submitted several vulnerabilities already and have disclosed our research to Microsoft.\u00a0Please refer to our vulnerability disclosure policy<\/a> for further details or the post from earlier this week on Windows 10 Cortana vulnerabilities.<\/a><\/p>\n

Windows 10 “Trivial Information”<\/h2>\n

Early last year, a trivial \u201cinformation leak\u201d was reported<\/a> in Windows 10.\u00a0This technique no longer works on most current builds of Windows 10, but a variation of this simple method works quite well on some versions of Windows 10, specifically RS1 (RedStone 1).<\/p>\n

The issue is simple to describe and execute.\u00a0For a local attack, you can use a physical keyboard; if there is a network vector that would allow one to remotely reach the Windows login screen (such as RDP), you can use the software-based keyboard accessible from the lock screen.\u00a0On all versions of Windows 10, the \u201cpaste\u201d function appears to be intentionally forbidden from the Windows lock screen, including the \u201cHey Cortana\u201d function. The original finding demonstrated CTRL+V could be used to paste clipboard contents.\u00a0This is now disabled, even on RS1.\u00a0However, we have found a way to bypass this restriction using the keyboard shortcut CTRL + SHIFT + INSERT, allowing us to access in plain text the clipboard contents, whatever they may be.\u00a0While we are continuing to explore this technique to force-copy functions (and access arbitrary content), for now we can access whatever happens to be copied. In the demo this is a password allowing login.<\/p>\n

\n