Microsoft boats that Windows 10 S is immune to such attacks because it cannot run traditional Win32 apps. Windows 10 S is only capable of running Universal Windows Platform (UWP) apps that are available from the Windows Store. This gives users a curated app experience that should [hopefully] weed out any nefarious apps that could potentially put users at risk.
“Any app that doesn’t go through our Store onboarding, vetting, and signing process won’t run,” writes Microsoft in a whitepaper [PDF] that discusses the security enhancement available in the Windows 10 Creators Update. “By allowing only verified apps to run, Windows 10 S protects devices against malware, ransomware, and other similar attacks.”
General consumers, however, won’t be the primary target audience for Windows 10 S. Given its limited compatibility with legacy apps, Windows 10 S will primarily flourish in the education sector. It also serves as a direct response to Chromebooks running Google’s Chrome OS that run the operating system and have been purchased by school systems in large numbers, threatening Microsoft’s market share.
We should mention that Windows 10 S still isn’t available [publicly] yet, and like won’t be until the Fall Creators Update arrives. That still gives malware writers plenty of time to test ways of cracking the operating system’s defenses.
Microsoft also goes on to state that even though WannaCry attacked unpatched Windows-based systems (with Windows 7 reportedly being the most critically wounded victim), Windows 10’s security protections give customer complete protection from the ransomware.