Windows 10 S Is it completely secure? Microsoft's claim that "no known ransomware" can run on its Windows 10 S operating system does not seem to be true.
In a Friday publication by ZDNet, the researcher better safetyHacker House's Matthew Hickey reported that he was able to crack the security of the operating system in just over three hours.
Hickey was able to achieve remote management control and disable various security settings, leaving the system open for malware attacks.
Hackey started with an old technique known as DLL injection, where malicious code is executed through a process that system operations consider is not threatening.
In this case, the violation occurred with a Word document containing the built-in macros that was needed to bypass the hacker's restrictions on Windows 10 S that are designed not to use applications that do not exist in the Microsoft Store.
After bypassing Word protection by downloading the document from a shared network element – instead of some link or attachment from electronic mail – Hickey could run some malicious code with admin privileges.
Using the Metasploit Penetration Testing Software, Hickey managed to obtain the highest possible level of access, with system privileges, and repeated the DLL injection to acquire remote control of the machine.
After all this, as you understand, Hickey could install not just some ransomware but malware he wanted.
The computer, was one of Microsoft's new Surface Laptop, and was totally vulnerable.
Microsoft, meanwhile, has denied ZDNet's claim that its own test has proven that Windows 10 S is not vulnerable to ransomware attacks.
"In early June, we announced that Windows 10 S was not vulnerable to any known ransomware," said a company spokesman.
And he wrote:
"We recognize that new attacks and malware are constantly emerging, so we are committed to monitoring the threat landscape and working with responsible investigators to ensure that Windows 10 continues to provide the most secure experience for our customers."
Clearly, with base Hickey's test, Microsoft's claim does not seem to be true. While Windows 10 S may be less vulnerable to such attacks because only strictly tested software will run that has been approved by Microsoft, there are still ways that can infect computers running this operating system.
Impressing Microsoft that its operating system is invulnerable to all "known ransomware" was not so wise. Strong claims of security invite the challenge.