NV Access is pleased to announce that version 2021.3.3 of NVDA, the free screen reader for Microsoft Windows, is now available for download. This is a security update which fixes 2 security issues present in older versions of NVDA. We encourage all users to upgrade to this version.
NVDA 2021.3.3 includes 2 security fixes. Please responsibly disclose potential security issues to email@example.com. Both issues require physical access to the computer.
- Prevent privilege escalation from secure screens. When performing an administrative action that requires a secure screen, an NVDA user can open a command prompt with system privileges.
- Prevent a Windows issue that allowed the use of object navigation to read content on the desktop from the lock screen. This affects Windows 10 and 11.
- Details of this issue can be found in the pull request: Prevent Object Navigation Outside of the Lock Screen #13328.
- For technical discussion, please visit the GitHub Discussion.
For further information, please contact NV Access via firstname.lastname@example.org.
Please note, after updating any software, it is a good idea to restart the computer. Restart by going to the Shutdown dialog, selecting “restart” and pressing ENTER. Updating software can change files which are in use. This can lead to instability and strange behaviour which is resolved by rebooting. This is the first thing to try if you do notice anything odd after updating.