Warning: Windows 10 S is affected by a medium severity security issue

Radu Tyrsina
Founder & Editor-in-Chief

Google found and helped address a few bugs during the past couple of months, especially in Microsoft Edge and Windows 10. Now, the tech giant has disclosed a “medium” security issue in systems that have User Mode Code Integrity (UMCI) enabled. Windows 10 S was used as the example OS because it has the policy enabled by default.

Windows 10 S is a secure OS despite the new finding

Windows 10 S is a highly secured operating system, but it has its own share of restrictions, including the fact that you can’t run Win32 apps in it. Google’s Project Zero team found a flaw lurking in the OS that allows arbitrary code execution on a system which has UMCI enabled. In Windows 10 S, Device Guard is enabled by default.

The vulnerability only affects systems that have Device Guard enabled, and the flaw cannot be exploited remotely from other systems. To exploit it, an attacker would already need code running on the system in order to modify registry entries. This significantly lowers the issue’s severity. According to Google, the flaw would not be this severe if other bypass methods were fixed. For instance, the Remote Code Execution (RCE) in Edge is still not fixed. This is why the flaw was classified as “medium.”

Google revealed the flaw just before Microsoft’s April Patch Tuesday

The timing of Google’s finding and the announcement regarding the weakness was a bit strange, considering that Microsoft couldn’t have fixed it before the patch’s release. This is what led the Redmond giant to request a 14-day extension.

On the other hand, Microsoft informed Google that it would roll out a fix next month, in the May Patch Tuesday. Google refused Microsoft’s request for the 14 days and made the flaw public.
