Windows 10 S Is it completely secure? Microsoft's claim that "no known ransomware" can run on its Windows 10 S operating system does not seem to be true.
In a Friday publication by ZDNet, her security researcher Chippers House Mr Matthew Hickey reported that he managed to crack the security of the operating system in just over three hours.
Hickey was able to achieve remote administrative control and disable various settings security, αφήνοντας έτσι το σύστημα ανοιχτό για attacks malware.
Hackey started with an old technique known as DLL injection, where malicious code is executed through a process that system operations consider is not threatening.
In this case, the violation occurred with a Word document containing the built-in macros that was needed to bypass the hacker's restrictions on Windows 10 S that are designed not to use applications that do not exist in the Microsoft Store.
After bypassing Word protection by downloading the document from a shared network component – instead of a link or email attachment – Hickey could execute some malicious code with administrator privileges.
Using the Metasploit Penetration Testing Software, Hickey managed to obtain the highest possible level of access, with system privileges, and repeated the DLL injection to acquire remote control of the machine.
After all this, as you understand, Hickey could install not just some ransomware but malware he wanted.
The computer, was one of Microsoft's new Surface Laptop, and was totally vulnerable.
Microsoft, meanwhile, has denied ZDNet's claim that its own test has proven that Windows 10 S is not vulnerable to ransomware attacks.
"In early June we stated that Windows 10 S is not vulnerable to any known ransomware," said a spokesperson for companys.
And he wrote:
"We recognize that new attacks and malware are constantly emerging, so we are committed to monitoring the threat landscape and working with responsible investigators to ensure that Windows 10 continues to provide the most secure experience for our customers."
Clearly, based on Hickey's test, Microsoft's claim does not seem to be right. While Windows 10 S may be less vulnerable to such attacks because of only strictly tested software will run that has been approved by Microsoft, there are still ways that can infect computers running this operating system.
Impressing Microsoft that its operating system is invulnerable to all "known ransomware" was not so wise. Strong claims of security invite the challenge.