Microsoft has claimed that no known ransomware runs on Windows 10 S, its new operating system that runs only Store apps. Someone has now challenged that claim to see whether such a bold statement holds up.
A security researcher named Matthew Hickey was asked whether ransomware could be installed on a Surface Laptop running Windows 10 S. It took him a little over 3 hours to break through the operating system’s several layers of security.
How did he accomplish it?
Hickey used a common attack method in Microsoft Word. He created a malicious, macro-based Word document that, when opened, would carry out a reflective DLL injection attack, allowing him to bypass the app store restrictions. He put the file on a network share so that its location would be treated as trusted. Then he downloaded the file from the network share, opened it, and clicked the Enable Content button to trigger the malicious macro he had coded into the document.
The game was over once the macro executed, as it gave him access to a shell with administrator privileges. From there, with a few steps, the computer would have been entirely vulnerable and unable to defend against any malware, including ransomware.
To prove his level of access, Hickey even provided a screenshot showing the plaintext password of the Wi-Fi network, something only available to “system”-level processes.
However, Microsoft rejected the claims.
“In early June, we stated that Windows 10 S was not vulnerable to any known ransomware, and based on the information we received from ZDNet that statement holds true,” said a spokesperson. “We recognize that new attacks and malware emerge continually, which is why [we] are committed to monitoring the threat landscape and working with responsible researchers to ensure that Windows 10 continues to provide the most secure experience possible for our customers.”
The hack is certainly not very practical in the real world. It takes too many steps to carry out the attack and would involve some social engineering and physical access to a computer. While I agree with Microsoft’s take on this, I also have to point out that, just as there is no software that is bug-free, there is nothing that is hack-proof.
Read the full story on ZDNet.