NV Access is pleased to announce that version 2022.2.4 of NVDA, the free screen reader for Microsoft Windows, is now available for download. This is a security patch release to fix an exploit where it was possible to open the NVDA python console via the log viewer on the lock screen. We encourage all users to upgrade to this version.
Please note that as this is a patch release, the “What’s new” text has not been translated for this release. Users running NVDA in languages other than English, accessing the “What’s new” text from the Help menu will show the latest version as 2022.2. The correct current version can always be found in the “About NVDA” dialog, available from the Help menu.
Please responsibly disclose potential security issues to firstname.lastname@example.org following our security policy.
This issue affected Windows 10 and 11. It was possible to run the NVDA python console from the lock screen. These exploits could only occur from the lock screen, not the secure sign-in screen where your password is entered.
To prevent this issue using earlier versions of NVDA, disable the Windows lock screen. Instructions to do so can be found in the workarounds section of this older security advisory. Technical details for the security issue will be made available in this yet to be released advisory.
For further information, please contact NV Access via email@example.com.
Please note, after updating any software, it is a good idea to restart the computer. Restart by going to the Shutdown dialog, selecting “restart” and pressing ENTER. Updating software can change files which are in use. This can lead to instability and strange behaviour which is resolved by rebooting. This is the first thing to try if you do notice anything odd after updating.