Google He discovered a security vulnerability in Windows 10 S, την έκδοση των Windows 10 που η Microsoft αναφέρει σαν την ασφαλέστερη λόγω του ότι περιορίζει τους χρήστες για να μην χρησιμοποιούν εφαρμογές Win32. Το κενό ασφαλείας επιτρέπει την αυθαίρετη εκτέλεση κώδικα σε συσκευές με ενεργοποιημένη τη λειτουργία Device Guard, αλλά σύμφωνα με μια δημοσίευση από το Neowin, μια επιτυχή εκμετάλλευση απαιτεί πρόσβαση στο σύστημα.
The vulnerability has been discovered by the Google Project Zero program that gives stakeholders a 90 days deadline to troubleshoot their software. But Microsoft seems to have requested an extension on the deadline after releasing a vulnerability update in January.
Η company he was then preparing a fix for April, but apparently was unable to complete it, asking for a deadline of May. However, Google refused to give another delay in publishing the vulnerability, and as of today all the details are circulating online.
The Windows 10 S bug is particularly difficult to exploit, but if the "safest Windows system" manages to do so, go for a walk.
Windows 10 S does not allow it installation Win32 software and Microsoft allows upgrading to Windows 10 Pro directly from within the operating system. However, the availability of Windows 10 S as autonomous functional will soon stop and will be integrated into Windows 10 as "S Mode".
So although Microsoft has promised a patch on May 3rd Patch, it's not sure it will be released as the plan is to integrate the operating as a function into the main OS of the company, namely Windows 10.
If you are interested in more technical details and want the PoC vulnerability you will find it on its announcement page Project Zero of Google.
- Subs Heroes Italian documentary about underground translators
- Microsoft's anti-phishing technology came as an extension to Google Chrome
