Google He discovered a security vulnerability in Windows 10 S, the version of Windows 10 that Microsoft cites as the most secure because it restricts users from using Win32 apps. The security gap επιτρέπει την αυθαίρετη εκτέλεση κώδικα σε Appliances with Device Guard enabled, but according to a post from Neowin, a successful exploit requires system access.
The vulnerability was discovered by the Google program Project Zero which gives stakeholders a 90-day deadline to address bugs in the software τους. Η Microsoft όμως φαίνεται να ζήτησε παράταση στην προθεσμία, αφού προηγουμένως κυκλοφόρησε μια information for the vulnerability in January.
The company then prepared a fix for April, but apparently could not finish it, asking for a deadline by May. However, Google refused to postpone another postponement of the vulnerability, and from now on all the details are released online.
The Windows 10 S bug is particularly difficult to exploit, but if the "safest Windows system" manages to do so, go for a walk.
Windows 10 S does not allow the installation of Win32 software and Microsoft allows you to upgrade to Windows 10 Pro directly through the operating system. However, the mood of Windows 10 S as autonomous functional will soon stop and will be integrated into Windows 10 as "S Mode".
So although Microsoft has promised a patch on May 3rd Patch, it's not sure it will be released as the plan is to integrate the operating as a function into the main OS of the company, namely Windows 10.
If you are interested in more technical details and want the PoC vulnerability you will find it on its announcement page Project Zero of Google.
- Subs Heroes Italian documentary about underground translators
- Microsoft's anti-phishing technology came as an extension to Google Chrome