A Windows security bug would allow an attacker to fool a USB camera used in the biometric facial-recognition aspect of the system. The Windows Hello bypass vulnerability, tracked as CVE-2021-34466, requires physical access to a device to exploit it. Microsoft addressed the vulnerability which affects both consumer and business versions of the feature in its July Patch Tuesday update. Researchers have no evidence that anyone has tried or used the attack in the wild, but someone with motive could potentially use it on a targeted espionage victim.
Source: https://threatpost.com/windows-hello-bypass-biometrics-pcs/167771/