Microsoft has claimed that its new Windows 10 S operating system is protected from all known ransomware. Matthew Hickey, a security researcher was able to prove it wrong in just three hours.
Microsoft has touted security as one of the biggest draws of Windows 10 S, which doesn’t allow applications to be installed unless they are obtained from the Windows Store, alongside a number of other restrictions aimed at shoring up the operating system’s defenses.
As the announcement of Windows 10 S was soon followed by the devastating WannaCry ransomware attack, Microsoft was quick to claim Windows 10 S’ immunity against all ‘known’ ransomware. Challenged by this statement, the folks at ZDNet decided to test the claim and, with the help of security researcher Matthew Hickey, were able to prove it false after just three hours.
Hickey was, in fact, surprised at the ease with which he was able to overcome the operating system’s defenses, proclaiming the following:
Windows 10 S did provide a greater challenge over regular Windows as it locks down many of the tools often used by hackers, such as the command prompt, scripting tools and PowerShell, restricting what Hickey could and couldn’t do. He was, however, able to employ a trick often used by hackers to circumvent Windows secuity: Word macros.
The methodology used by Hickey was as follows:
Of course, Microsoft is aware of the risk associated with macros and prevents them from running by default if the file is downloaded from the internet or as an email attachment. Hickey was able to work around this restriction by downloading the file off a network share, which is considered a trusted source by Microsoft.
Once this was done, he was soon able to gain access to a shell with administrative privileges, install a penetration testing software known as Metapoilt, granting him remote access of the system and then, just do whatever he wanted with his system privileges. At this point, he could turn off system processes, turn off firewalls, disable any defenses the OS had and, as per the point of the exercise, install any ransomware he wanted. Basically, total access.
What was perhaps most interesting about Hickey’s attack was that this was all done through hacking techniques already well known by the community, suggesting Windows 10 S may not be as different from Windows 10 as Microsoft may want us to believe.
To their defense, Microsoft did issue the following statement:
However, this seems like more of a semantic technicality about how no known ransomware uses this methodology than a firm confirmation that your device will be well protected against a ransomware attack if it runs Windows 10 S, though it definitely does seem to make it harder. For example, the malicious file could not be downloaded from the internet and had to be taken from a network – where one would expect your business’ network does not contain malicious actors.
In conclusion, while Microsoft’s new version of Windows 10 is definitely more secure, it’s far from unhackable and if Hickey was able to gain system privileges in just 3 hours, it’s feasible to think an actual hacker dedicated to penetrating the OS would be able to do quite a bit if given enough time.
Source: ZDNet
