'Secure' Windows 10 S Hacked Wide Open in 3 Hours

  • MORE

Windows 10 S is locked down to the point where you can't use any apps outside of the Windows Store. Microsoft touts its security and claims it isn't affected by any "known ransomware."

But our friends at ZDNet hired someone to try to crack it, and he succeeded in just three hours.

desktop 670x375 3135231498480340

Their hacker, Matthew Hickey, security researcher and co-founder of cybersecurity firm Hacker House, exploited Microsoft Word macros to run a DLL injection attack. Because macros aren't run by default on documents downloaded from the web, he used a source Windows 10 S trusts: the local network.

At that point, he was able to run a program to gain system-level privileges (the highest level of access) and also run processes from the system level. He also connected the computer to his own server, meaning that he had remote access to do whatever he pleased.

"From here we can start turning things on and off -- antimalware, firewalls, and override sensitive Windows files," Hickey told ZDNet. "If I wanted to install ransomware, that could be loaded on," he said. "It's game over." The computer would have no way to defend itself. Hickey could've done anything he wanted to on the machine.

MORE: Windows 10 S Locks You Into Edge and Bing, Out of Key Apps

Hickey did not install ransomware on the system, but he was able to provide proof of his system level access, including a plaintext Wi-Fi password.

When ZDNet contacted Microsoft about the exploit, it provided the following statement:

"In early June, we stated that Windows 10 S was not vulnerable to any known ransomware, and based on the information we received from ZDNet that statement holds true. We recognize that new attacks and malware emerge continually, which is why [we] are committed to monitoring the threat landscape and working with responsible researchers to ensure that Windows 10 continues to provide the most secure experience possible for our customers."

Windows 10 S currently ships with Microsoft's flagship notebook, the Surface Laptop, as well as laptops from a series of partners like Lenovo and Acer.

Even if the current ransomware doesn't work, ZDNet and Hickey proved one dangerous point -- it's still possible to install it on Windows 10 S machines, and it's very possible to take a machine running the operating system over.

For more information, screenshots of the attack and full technical details, check out the original story over on ZDNet.

Author Bio
Andrew E. Freedman
Andrew E. Freedman,
Andrew joined Laptopmag.com in 2015, reviewing computers and keeping up with the latest news. He holds a M.S. in Journalism (Digital Media) from Columbia University. A lover of all things gaming and tech, his previous work has shown up in Kotaku, PCMag and Complex, among others. Follow him on Twitter @FreedmanAE.
Andrew E. Freedman, on
Add a comment
1 comment
  • giorgitd Says:

    So, the implication is that an attack using Word's macro capabilities is 'unknown'? Now THAT is scary...

Back to top