Google Project Zero discovers a security flaw in Windows 10 S

The Google Project Zero team is dedicated to finding vulnerabilities in the company's own products and in those developed by other firms. Google has disclosed several flaws in recent months, especially in Windows 10 and Microsoft Edge. Now a medium-severity flaw has been found in Windows 10 S systems with user-mode code integrity (UMCI) enabled.

Windows 10 S is a highly secure operating system with many restrictions, such as the inability to run Win32 applications. However, the Google Project Zero team has discovered a bug that allows arbitrary code to be executed on a system with UMCI enabled, for example through Device Guard, which is enabled by default in Windows 10 S. The vulnerability only affects systems with Device Guard enabled, which mainly means Windows 10 S, and it cannot be exploited remotely, which significantly reduces the severity of the problem.

Google reported the problem to Microsoft on January 19, but the Redmond giant could not fix it before the April patch was released. As a result, Microsoft requested a 14-day extension, informing Google that a fix would ship in May. That date fell outside the grace period, so Google rejected Microsoft's request and did not grant the additional 14 days.

Last week, Microsoft once again requested a deadline extension, claiming that the issue would be resolved in the Redstone 4 (RS4) update. Google rejected the request, saying that there is no firm date for the update and that RS4 would not be considered a widely available patch.

With the standard 90-day disclosure deadline expiring today, Google has publicly revealed the vulnerability, which mainly affects Windows 10 S. It will be interesting to see whether Microsoft is forced to release a hotfix before the next major update.

 
