Windows 10 S can be infected with malware
Microsoft’s newest iteration of Windows, Windows 10 S, has been advertised as one of the safest and most secure versions of the world’s most popular operating system. Since the OS is highly restrictive in nature and it can only run software installed from the Windows Store, Microsoft has put quite a few checks into the system to keep malware and hackers out. Unfortunately, they didn’t plan on Matthew Hickey.
ZDNet reports that they asked Hickey, who is a co-founder of cybersecurity firm Hacker House, to take their new Surface Laptop and try to install malware on it. The Surface Laptop is being positioned as a notebook for students, as it natively runs Windows 10 S. ZDNet’s particular device also had the latest security patches from Microsoft installed on it earlier in the day. However, it took Hickey only about 3 hours to bypass the notebook’s security and get malicious code running.
Despite the absence of tools like the Command Prompt and PowerShell scripting (which can grant access to the underpinnings of standard Windows), Hickey was able to find an exploit in Microsoft Word. By writing specific macros into a Word document and opening the file with administrative privileges (which are set to the default user profile), Hickey carried out a “reflective DLL injection attack,” which allowed him to bypass the machine’s security and directly affect the libraries at the root of the operating system itself.
Normally, to open a Word document that executes macros, “Protected View” must be disabled. In Windows 10 S, this setting is turned on by default. Hickey downloaded the malicious Word document via a network share, which Windows considers a trusted source, and selected the option to enable macros. As such, it may not be hard for future hackers to socially engineer Windows 10 S users into downloading malicious files from a trusted source and choosing to run macros. Despite Microsoft’s claim that their new OS is “not vulnerable to any known ransomware,” it seems that where there’s a will, there’s a way.