Windows 10 S already hacked: maybe it would not be okay to remove anti-virus

Windows 10 S is an operating system with some restrictions to promote security and stability. It does not allow you to install apps that are not available on the Windows Store and is aimed at students and practitioners who cannot install anti-virus because – on paper – is unnecessary.

Following the spread of WannaCry, Microsoft underlined how Windows 10 S was invulnerable to all ” known ” ransomware. But is he so sure?

To test this specific feature of the new Windows 10 SKU was ZDNet, with the help of Matthew Hickey security expert. The latter said he was surprised by the ease with which the defenses of the SO could be scratched:

” I’m honestly surprised by the fact that it was so easy. When I read the new operating systems branding and marketing I thought they had increased the Defended further than normal. “

The researcher then continued: ” I would have preferred, for example, more restrictions on running privileged processes. ” However, Windows 10 S still has a higher commitment to be violated, as it blocks many of the tools used most often by aggressors. Among them is the Command Prompt and the Powershell, thus limiting Hickey’s freedom of action and imposing on it a different path to those traditionally used.

By exploiting a hacker-known trick, Hickey managed to undermine the security of Windows 10 S, for accuracy with Word macros. Below we propose the free translation of what ZDNet wrote to explain the process used:

” Hickey created a malicious macro for a Word document that, when executed, would allow him to start an Injection DLL attack and circumvent restrictions on the app store by injecting code into an already authorized and authorized process. Word case was opened with administrative privileges through the Task Manager, a linear process since default offline accounts have administrative privileges. “

According to the researcher, with more paperwork you can automate the process using a more advanced macro. It is to be considered that Microsoft is already aware of the risks posed by the Macros on Office products and forbids the execution of the same for files downloaded from the Internet or via e-mail. The researcher has circumvented this restriction by downloading the file from a shared network, considered by the operating system as a reliable source.

Once done, he had access to a shell with administrator privileges, installed Metapolit, and got remote access to the system. At this point, it could perform any operation through the privileges obtained, such as enabling or disabling system processes, extinguishing firewalls, disabling any type of defense, and of course installing any ransomware as well. In other words, it has gained total access to the victim system.

It is also interesting to note that Hickey succeeded in using hacking techniques already known by the community and exploiting with Windows 10 to substantially demonstrate that the heart of the new Windows 10 S is identical to that of traditional SKUs. It is not too late to arrive at Microsoft’s response, which goes far beyond the charges brought by the US source.

” In early June, we stated that Windows 10 S was not vulnerable to known ransomware, and based on information received from ZDNet we can only confirm that statement, ” a spokeswoman said. ” We know new attacks and new malware are emerging, and that is why we are committed to monitoring the computer landscape and collaborating with researchers to ensure that Windows 10 continues to offer the best possible experience for our customers. “

In short, the conclusion is always the same: Windows 10 S can also be safer than traditional SKUs, but in computer science, there is nothing invulnerable. And it is good that you know it.