Users will have to meet a minimum requirement of 7th Gen Intel Core processor or higher, Intel HD graphics with up-to-date drivers or Nvidia GeForce GTX 1050 and higher, and Windows must be updated with the Fall Creators update.
So, in order to address the issues in security updates, Microsoft and Adobe has issued quick fixes for a number of Windows applications. The researchers tested the trick against several products, including a Dell Latitude laptop with a USB webcam and Microsoft's own Surface Pro 4.More news: Sarah Palin's son again arrested on domestic violence charges
More news: Selena Gomez's mum hospitalised after 'heated conversation' over Justin Bieber
More news: Trump considered pulling Gorsuch's nomination after personal criticism
Even those running the latest Fall Creators Update could potentially be victims here. It is unclear why Microsoft is using an older version when the latest version, 7.57.0 has been out for nearly three weeks, and preceding version, 7.56.1, has been out for nearly two months. Windows Hello must also be entirely reconfigured to prevent a successful attack, so facial recognition should be manually disabled and then turned back on.
According to a few proof of concept videos released by the security researchers (see the first clip below), Windows Hello can be spoofed with a relatively low resolution laser-printed photo of the user taken with a near IR (infrared) camera, although the image must be slightly modified. However, anti-spoofing proved ineffective with the Anniversary Update in SYSS' testing.
The good news is that the latest versions of Windows 10 have fixed the flaw. However, the discovery's still a significant weakness for Windows Hello, described by Microsoft as the "most secure way" to unlock Windows 10. If a user were to update from an older version like 1607 without reconfiguring Hello, then they will still be vulnerable to the attack. Here's what the company will highlight at RSA next week.