Google project zero discovers a security flaw in windows 10 s

The Google Project Zero team is dedicated to looking for exploits in the company's products and those developed by other firms. Google has revealed several bugs in the past few months, especially on Windows 10 and Microsoft Edge. Now, a medium severity bug has been found on Windows 10 S systems, with User Mode Code Integrity (UMCI) enabled.

Windows 10 S has a vulnerability, although it is not particularly serious

Windows 10 S is a highly secure operating system with many restrictions, such as the inability to run Win32 applications. However, Google's Project Zero team has discovered a flaw, allowing arbitrary code to run on a UMCI-enabled system, such as Device Guard which is enabled by default in Windows 10 S. This vulnerability only affects systems with Device Guard enabled, which is mainly Windows 10 S, and cannot be exploited remotely, greatly reducing the severity of the problem.

We recommend reading our post on Google Project Zero uncovers a serious security problem in Windows 10

Google reported the problem to Microsoft on January 19, but the Redmond giant was unable to fix it before the April patch release. As a result, Microsoft requested a 14-day extension, informing Google that a solution would be implemented in May. This term exceeded the grace deadline, so Google rejected Microsoft's request and did not grant the additional 14 days.

Last week, Microsoft once again requested an extension on the deadline, claiming it would be resolved in the Redstone 4 (RS4) update, but Google rejected it saying that there is no firm date for the update, and that RS4 was not I would consider a patch widely available.

With today's standard 90-day deadline, Google has publicly disclosed this vulnerability, which primarily affects Windows 10 S. It will be interesting to see if Microsoft is forced to release a hotfix before the next big update.

Neowin font