• Skip to content
  • Skip to primary sidebar
  • Skip to footer
  • Gaming
  • Computing
  • Internet
  • Phone and communications
  • Software
  • Mobile computing

The source for tech buying advice

The latest technology news and reviews, covering computing, home entertainment systems, gadgets and more.

Google calls out Microsoft regarding a flaw in Windows 10 S code

April 20, 2018 By discountbonus_sd3n3h



Google’s Project Zero team of bug hunters has found a flaw in Windows 10 S, publicly disclosing the issue despite Microsoft wishing to keep it under wraps until it fixed it.

Project Zero looks for exploits in software, either made by Google, or from other companies, and if one is found the team usually alerts the developers of the software in private, giving them 90 days before going public.

Not only is the finding of the flaw embarrassing enough for Microsoft, but apparently it primarily affects Windows 10 S, a version of the operating system that is designed to be more locked down and secure than other versions by only allowing apps from the Microsoft Store to be installed.

According to Project Zero, the flaw targets users with user mode code integrity (UMCI) and Device Guard enabled – which Windows 10 S has by default. This allows arbitrary code to be run, something that Windows 10 S was specifically designed to prevent.

90-day window

Because the flaw only affects a minority of PCs, and even then hackers would need to physically access the PC, Project Zero only deems this a “medium” security flaw, and gave Microsoft the usual 90 days grace period to fix the issue before it was made public.

However, as Neowin.net reports, Google alerted Microsoft to the flaw way back on January 19, and after Microsoft was not able to issue a fix after those 90 days, in time for April’s Patch Tuesday, Microsoft asked for a 14-day extension.

However, Google refused, and apparently Microsoft again asked for an extension of the deadline so that it could be included in the Redstone 4 update (also known as Spring Creators Update). However, with that update being delayed without a new date set in stone, Google has again refused the extension, and has now made the flaw public.

It’s a bit embarrassing for Microsoft, and we can understand why it was keen to avoid the flaw being made public, but hopefully Google’s move will force Microsoft to get a fix out as soon as possible.

  • A closer look at Windows 10 S, Windows 10 on ARM and Windows 10 IoT



Source link

Filed Under: Computing

Primary Sidebar

Recent Posts

The best broadband and TV deals in January 2018

The best broadband and TV deals in January 2018

If the last thing you want to do on your evening or weekend is to spend time … [Read More...] about The best broadband and TV deals in January 2018

  • Nintendo Switch deals: these Switch Lite bundles come with some incredible games
  • Google Chrome update wants to make sure your passwords are more secure than ever
  • Best Xiaomi phones of 2021: these are the top Mi, Redmi, Poco and Black Shark devices

Follow Us Online

  • Facebook
  • Google+
  • LinkedIn
  • Pinterest
  • Twitter

Footer

Menus

  • Contact
  • Terms of Service
  • Privacy Policy

Most Posts

  • Enterprise mobility management: Back to basics
  • Gaming
  • Computing
  • Internet
  • Phone and communications
  • Software
  • Mobile computing

Newsletter

Copyright © 2021 · WordPress · Log in