As it turned out, the spoofing attack was successful with all versions of Windows 10 on the Dell Latitude PC. You also need a newer PC, one that has Intel's seventh-generation "Kaby Lake" processors or newer, and you'll need to be on the Windows 10 Fall Creators Update or newer.
While this spoofing may not be easy to reproduce by attackers, the security company is urging users of the Windows 10 Anniversary to update to the latest version of the OS, enable the "enhanced anti-spoofing" feature (if available) and reconfigure Windows Hello Face Authentication from scratch after proceeding. Older versions of the operating system are still at risk and may not be updated.
The problem was discovered by researchers at SYSS who disclosed their findings on Full Disclosure. SYSS offers a few more details about its attack on a separate German language writeup on its website. However, by printing a modified photo (with a specific resolution or color scale) of the authenticated user, or by covering the RGB camera with tape, the researchers bypassed Hello through the near-IR enabled camera easily. Holding the printout up to a locked device's camera successfully unlocked it.
Netflix is rolling out an update for its Windows 10 standalone app as well as for Edge browser to bring in support for High Dynamic Range or HDR.More news: Too late: Brexit offer to European Union citizens leaves many cold
More news: Lane Kiffin Agrees To 10-Year Extension At FAU
More news: Senate panel rejects Trump nominee Scott Garrett to head Ex-Im Bank
The security company first reported the vulnerability to Microsoft back in October, and it plans to publish further test results in Spring 2018.
Microsoft had not responded to a request for comment at the time of publication.
What do you think about Netflix HDR support coming to compatible Windows 10 computers? However, the discovery's still a significant weakness for Windows Hello, described by Microsoft as the "most secure way" to unlock Windows 10.
Windows Hello, the facial recognition system that allows users to log into their laptop by looking into the device's camera, can be fooled pretty easily.