Home United States USA — software Google Finds Security Flaw in the Most Secure Windows 10 Version

Google Finds Security Flaw in the Most Secure Windows 10 Version

196
0
SHARE

Windows 10 S vulnerability discovered by Google engineers
The security flaw allows for arbitrary code execution on devices with Device Guard enabled, and according to a post from Neowin, a successful exploit requires access to the system.
The vulnerability was discovered as part of the Google Project Zero program which provides vendors with 90 days to address bugs in their software. It looks like Microsoft, however, asked for an extension to the deadline, as it needed more time to ship a patch after previously being informed of the flaw in January.
A fix was originally due in April, but Microsoft couldn’t complete work on the patch before this month’s Patch Tuesday, and the company then pushed the deadline to May. Google, however, refused to offer an extension and instead published the details online.
The Windows 10 S security bug is flagged with a medium severity rating, and while it’s particularly difficult to exploit it, other possible flaws in the operating system could lead to cybercriminals getting more control on a compromised host.
Windows 10 S does not allow Win32 software to be installed on devices running it, and Microsoft enables the upgrade to Windows 10 Pro straight from within the OS. Windows 10 S, however, will soon be discontinued and integrated into Windows 10 as “S Mode,” which means that Microsoft would enable all its features on more than just a single version of the operating system.
At this point, Microsoft is expected to deliver a patch for this Windows 10 S vulnerability early next month on Patch Tuesday, but an out-of-band fix is not out of the table entirely either. Securing devices against exploits aimed at this flaw shouldn’t be too hard given that remote attacks aren’t possible, so blocking unauthorized access to the PC is pretty much enough to stay on the safe side.

Continue reading...