Share this article

Latest news

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Google’s Project Zero outs Microsoft for security flaw in Windows 10 S

3 min. read

Published onApril 20, 2018

published onApril 20, 2018

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Google’s Project Zero team has rightfully pointed outseveral security issueswith Microsoft’s products in the past, and they’ve now just disclosed yet another vulnerability. This time, after waiting out the 90-day deadline for a fix to be published (and not getting action from Microsoft) the team has publically documented a “medium” security vulnerability in the Windows 10 S operating system (via Neowin.)

Windows 10 S made its debut on Microsoft’s Surface Laptop last year, and this special version of Windows 10 that can only run Windows Store apps has since been used by some PC manufacturers for low-cost education-focused machines. Considering that Windows 10 S is marketed by Microsoft as “streamlined for security,” this latest disclosure definitely raises some questions about how secure the operating system really is.

Google’s notes on the vulnerabilitycan be seen here, and it primarily involves a method of bypassing the Windows Lockdown Policy by using a bug in the .NET Framework. The vulnerability, though, only impacts systems with Device Guard enabled, and it can’t be exploited remotely, which makes it less severe. According to Google:

This issue was not fixed in April patch Tuesday therefore it’s going over deadline. This issue only affects systems with Device Guard enabled (such as Windows 10S) and only serves as a way of getting persistent code execution on such a machine. It’s not an issue which can be exploited remotely, nor is it a privilege escalation. An attacker would have to already have code running on the machine to install the registry entries necessary to exploit this issue, although this could be through an RCE such as a vulnerability in Edge. There’s at least two know DG bypasses in the .NET framework that are not fixed, and are still usable even on Windows 10S so this issue isn’t as serious as it might have been if all known avenues for bypass were fixed.

Google originally disclosed this vulnerability to Microsoft in February but Microsoft was not able to patch it in time, even after requesting a 14-day extension period and providing additional context for the deadline miss. Microsoft also requested an additional grace extension, saying the Redstone 4 release would have the fix, but Google once again turned it down, saying there is no firm date for the Redstone 4 release, and it is not considered a “broadly available patch.”

Microsoft is actuallyplanning on re-brandingWindows 10 S to “Windows 10 in S Mode” later this year. The company has said that S mode will be available for all versions of Windows 10, and it will appear on new PCs following the Redstone 4 update. Citing security and consistent performance, Microsoft previously noted that its customers have received Windows 10 S positively, so it will be interesting to see how Windows 10 in S mode takes off.

Radu Tyrsina

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time).

For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web.

Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they’re looking for.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Radu Tyrsina