Skip to main content

Oops: Microsoft’s “Super-secure” Windows 10 S Hacked In 3 Hours

Image
By

windows 10 s hacked
Image: ZDNet
With the launch of Windows 10 S, Microsoft claimed that it’s an extra-secure operating system that’s protected against all kinds of ransomware. To test the claims, folks at ZDNet hired a security firm. As a result, the hackers were able to breach Windows 10 S within 3
hours by using Microsoft Word’s handling of macros.
At its Build 2017 Developer Conference, Microsoft unveiled a new version of Windows 10, which was called Windows 10 S (here’s how it’s different from Windows 10). Aimed primarily at schools and education sector, this operating system doesn’t allow one to install applications other than those from Windows Store. Microsoft said that it was an additional step taken to enhance the security.
While this inability to install foreign applications on Windows 10 S was bashed by many, Microsoft further declared that Windows 10 S can’t be targetted by any kind of ransomware. That’s a bold claim.
So, to check the validity of this claim, the folks at ZDNet hired the security firm Hacker House. They put a simple question in front of Matthew Hickey, a security researcher and co-founder of Hacker House: “Will ransomware install on this operating system?”

Macros tricked Microsoft once again

Windows 10 S did present some hurdles. Apart from the only-Windows-Store-apps limitation, there isn’t any Command Prompt or PowerShell. The hacker expected more restrictions on trying to run processes with escalated privileges, but he was surprised to realize how easy it was to hack Windows 10 S.
He made use of a longtime foe — macros. Hickey was able to exploit how Word handles and processes macros. He created a notorious, macro-based Word file. Upon opening, the file allowed him to launch a reflective DLL injection attack. This way he bypassed the Windows Store restriction put by Microsoft because Word is itself available in Windows Store.
macros windows 10 s hack
Image: ZDNet
Please note that Word’s protected view feature blocks the macros in files which are downloaded from the internet or email. That’s why Hickey downloaded the file via a network share. Windows considers it a trusted source and gives full access.
By running the code, he was able to download a payload using Metasploit (here are some more hacking tools) and connect the OS to his C&C server. This way, he was able to remotely control the computer. “If I wanted to install ransomware, that could be loaded on,” he said. “It’s game over.”
You can read the complete story on Windows 10 S hack here on ZDNet.
Labels:

Comments

Post a Comment

Follow Us

WHAT'S HOT

Best Gaming Linux Distros You Need To Try In 2017

By
Gaming on Linux scene is improving each year with better hardware support and increasing support from game developers. Apart from established distros like Ubuntu and Arch Linux, gamers are using gaming Linux distros like Steam OS to get a better experience. The other It’s gaming operating systems are Sparky Linux – Gameover
Post a Comment
Continue Reading »

Learn How To Activate iOS 11 Dark Mode

By
Apart from all the major iOS 11 features and changes, there are some hidden and minor features as well. In this release, Apple has included a feature named Smart Invert Colors, which is the closest you can get while looking for an iOS 11 dark mode.
Post a Comment
Continue Reading »

Microsoft Set To Put Fingerprint Sensor In Keyboard Keys

By
According to a new patent titled “ Keyset Fingerprint Sensor ,” Microsoft might be working to integrate the fingerprint sensor in keyboard keys. The fingerprint recognition might be done
Post a Comment
Continue Reading »

Latest Linux Distribution Releases List

By
This list is prepared with the inputs from different Linux distro developers and the official release notes. But, before going ahead and taking a look at latest releases, don’t forget to check out our useful lists of best Linux distros of 2017: Best Linux Distro For Beginners Best Linux Distro For Gamers Best Lightweight Linux Distros Best Operating Systems For Ethical Hacking Linux Distribution Releases (July 2017) Linux Mint 18.2 Release Date: July 2nd, 2017 You can read about Linux Mint 18.2 Sonya in detail  on 9jabreezeland . 4MLinux 22.0 Release Date: July 1st, 2017 4MLinux 22.0 is the latest stable release. It comes loaded with LibreOffice 5.4.0.1, GIMP 2.8.22, Dropbox 28.4.14, Firefox 54.0, Chromium 59.0.3071.86, etc. The biggest change comes with 4MLinux Server, which is a lightweight and fast server Linux distro. You can read more about 4MLinux 22.0  here . Netrunner 17.06 Release Date: July 1st, 2017 Netrunner 17.06, codenamed Daed...
Post a Comment
Read more