Warning: Windows 10 S is affected by a medium severity security issue

By: Costea Lestoc
2 minute read

Google found and helped addressed a few bugs during the past couple of months especially in Microsoft Edge and Windows 10. Now, the tech giant unveiled a “medium” security issue in systems that have the user mode code integrity (UMCI) enabled. Windows 10 S was the OS that was used as an example because it has the policy enabled by default.

Windows 10 S is a secure OS despite the new finding

Windows 10 S is a highly secured operating system, but it has its own share of restrictions including the fact that you can’t run Win32 apps in it. Google Project Zero team found a flaw lurking in the OS that allows arbitrary code extension on a system which has UMCI enabled. In Windows 10 S, Device Guard is enabled by default.

The vulnerability only affects the systems that have device Guard enabled, and the flaw cannot be exploited from other systems remotely. To be able to do this, an attacker would have to have the code already running on the system in order to modify registry entries. This would significantly lower the issue’s severity. According to Google, the flaw would not be this severe if other bypass methods were fixed. For instance, the Remote Code Execution (RCE) in Edge is still not fixed. This is the reason for which the flaw was classified as “medium.”

Google revealed the flaw just before Microsoft’s April’s Patch Tuesday

The timing of Google’s finding and the announcement regarding the weakness was a bit strange, considering that Microsoft couldn’t have fixed it before the patch’s release. This is what led to the Redmond giant to request a 14-day extension.

On the other hand, Microsoft informed Google that it would roll out a fix next month in the May Patch Tuesday. Google refused Microsoft’s request, and it did not give the company the 14 days that it asked for, at the same time making the flaw public.

RELATED STORIES TO CHECK OUT:

For various PC problems, we recommend this tool.

This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues now in 3 easy steps:

  1. Download this PC Repair Tool rated "Excellent" on TrustPilot.com.
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues with Patended Technologies (requires upgrade).

Discussions

Next up

Best Windows 10 antivirus software to use in 2018

By: Radu Tyrsina
7 minute read

Update – 2018 will soon come to an end and we already have a guide on what is the best antivirus you should get in […]

Continue Reading

These features are out for good with Windows 10 version 1809

iamsovy@gmail.com' By: Sovan Mandal
2 minute read

Microsoft is all set to launch its next big update, Windows 10 version 1809 in October. While that should be a nice piece of news […]

Continue Reading

Windows 10 18H2 builds no longer receive new features

By: Matthew Adams
3 minute read

The Windows 10 October 2018 Update (otherwise 18H2) rollout might now be two to three weeks away. For the last few months, new build previews […]

Continue Reading