NV Access is pleased to announce that version 2022.2.1 of NVDA, the free screen reader for Microsoft Windows, is now available for download. This is a security update which fixes 1 security issue present in older versions of NVDA. We encourage all users to upgrade to this version.
Please note that as this is a security update, the “What’s new” text has not been translated for this release. Users running NVDA in languages other than English, accessing the “What’s new” text from the Help menu will show the latest version as 2022.2. The correct current version can always be found in the “About NVDA” dialog, available from the Help menu.
Please responsibly disclose potential security issues to firstname.lastname@example.org following our security policy.
This issued affected Windows 10 and 11. It was possible to use NVDA’s object navigation to read content on the desktop from the lock screen. It was also possible to run the NVDA python console from the lock screen. These exploits could only occur from the lock screen, not the secure sign-in screen where your password is entered.
To prevent this issue using earlier versions of NVDA, disable the Windows lock screen. Instructions to do so can be found in the workarounds section of the security advisory. Technical details for the security issue can also be found in the advisory.
For further information, please contact NV Access via email@example.com.
Please note, after updating any software, it is a good idea to restart the computer. Restart by going to the Shutdown dialog, selecting “restart” and pressing ENTER. Updating software can change files which are in use. This can lead to instability and strange behaviour which is resolved by rebooting. This is the first thing to try if you do notice anything odd after updating.