Getting on-board with an operating system like Windows 10 S may be difficult for some users. Only a certain type of user would purposefully opt to use a whittled-down, locked-down OS by choice, but for the security conscious, it makes a lot of sense. After all, 10 S is still Windows -- it's just supposed to be safer.
That's been Microsoft's message since the OS' launch, and its logic is sound: the more locked-down an OS, the lower the chances are that a piece of malware -- including ransomware -- will make it onto the system. To put it simply, using Windows 10 S is akin to locking your doors and windows. That level of security might not be bullet-proof, but its a lot better than leaving everything unlocked and wide open.
The folks at ZDNet decided to challenge Microsoft's promise, and perhaps not so surprisingly, the site found that the OS giant's claims were a little premature.
After receiving a brand-new Surface laptop, the editor completed its out-of-box setup, and ran Windows Update to download the latest security patches. The laptop was then passed on over to Matthew Hickey, co-founder of security firm Hacker House, to try and compromise the machine.
A mere three hours later, Hickey managed to bypass some security layers and exploit the system. This is despite the fact that Windows 10 S doesn't even have a command prompt (or PowerShell prompt), and has no access to scripting tools in general. The point-of-entry in this particular case was Microsoft Word -- an app available right in the Windows Store.
Office's Trust Center can be used to disable macro support
The problem lies with how Word handles macros by default. After creating a deliberately malicious document file on another PC, it was opened on the Surface laptop, carrying out a DLL injection attack. This allowed Hickey to run additional code that ultimately allowed him to gain remote access of the machine. Once in, any system utility could be disabled, such as the Firewall. It could even be used to install additional software not ordinarily allowed due to security restrictions, including ransomware.
The moral of the story is that no system is fully secure. In this case, though, this looks to be an oversight by Microsoft, because this particular kind of attack isn't rare. The company doesn't seem too bothered by the vulnerability, however, and outright dismisses the issue saying, "We recognize that new attacks and malware emerge continually, which is why [we] are committed to monitoring the threat landscape and working with responsible researchers to ensure that Windows 10 continues to provide the most secure experience possible for our customers."
Granted, exploiting this particular bug requires many things to fall into place, so if you own a Windows 10 S device, you probably don't have to worry. It goes without saying, though, that if you want to be safe and secure, never download and run scripts found in documents sent from unknown sources.