Google's Project Zero team has outed another Microsoft security flaw, this time in Windows 10 S.
The flaw, which is rated as "medium" in terms of severity, impacts systems with Device Guard enabled and it can't be executed remotely, so it's not easily exploited. Google explains:
This issue only affects systems with Device Guard enabled (such as Windows 10S) and only serves as a way of getting persistent code execution on such a machine. It's not an issue which can be exploited remotely, nor is it a privilege escalation. An attacker would have to already have code running on the machine to install the registry entries necessary to exploit this issue, although this could be through an RCE such as a vulnerability in Edge. There's at least two know DG bypasses in the .NET framework that are not fixed, and are still usable even on Windows 10S so this issue isn't as serious as it might have been if all known avenues for bypass were fixed.
Google's standard disclosure guidelines state that it will publicly disclose vulnerabilities after 90 days if they haven't been addressed. Microsoft was alerted to the issue in January, but had told Google in February that it would not be fixed in time for the April Patch Tuesday rollout. Microsoft requested extensions in early April, explaining that the issue will be fixed with the release of the Redstone 4 (spring) update. However, because there is no firm release date for Redstone 4, Google turned down the request.
This isn't the first time Google's disclosure policy has been a source of contention between the two companies. The two companies butted heads over the disclosure of a zero-day vulnerability in 2016, leading to an expression of frustration from Microsoft. That followed a similar clash between the two in 2015 over a Windows 8.1 vulnerability. More recently, Google disclosed flaws in Windows 10 and Microsoft Edge in February.
We may earn a commission for purchases using our links. Learn more.
Samsung's new 870 QVO makes a strong case to kiss HDDs goodbye forever
Samsung's second-generation QLC SSD is here and the 870 QVO is making a case to push the HDD into oblivion forever. With strong performance and a massive 8TB capacity available, this might be what you're looking for to make your next build fast for the future.
The AVerMedia Live Gamer Bolt is an astonishing external capture card
First announced almost a year ago, AVerMedia's scorching Live Gamer Bolt has finally arrived with promises of 4K60 HDR video and up to 240 FPS at lower resolutions, all from an external connection. But does it deliver? Resoundingly so.
Review: Razer Huntsman Mini is a 60 percent mighty gaming keyboard
While full-size and so-called TKL keyboards are the most popular choices, the new 60 percent option is catching on for gamers and those who want a clean home desktop experience. The Razer Huntsman Mini brings all the power of the popular Huntsman TE keyboard in a smaller, more travel-friendly form factor. Toss in some nice Doubleshot PBT keycaps and optical switches, and you have a tiny...
Best Skins and Cases for Dell XPS 13 2-in-1 2020
The Dell XPS 13 2-in-1 is one of the best convertible laptops on the market, but what type of skin or case should you get for it? Here's what we think.