Microsoft security boast lasts just three hours thanks to Office exploits

It was incredibly stupid of Microsoft to boast about the supposed security of their new Windows 10S.  That boast inspired hackers to prove them wrong, but no-one expected a quick downfall, with Office providing the ‘backdoor’ into Windows.

Microsoft started it all by claiming that:

“No known ransomware works against Windows 10S – our latest and most hardened operating system.”

No operating system is that secure and Windows certainly isn’t deserving of that boast.

Such a claim was the equivalent of a ‘red rag’ to hackers (presumably a case of Jolt Cola and a box of Kit Kats).

ZDNet took up the challenge.  They got a new Surface Laptop with Windows 10S, updated it with all the latest patches, then let Matthew Hickey from Hacker House loose to get some nasties installed.

Three Hours

It took Mr Hickey just 3 hours to bypass Microsoft’s “most hardened” Windows.  Ouch.  He didn’t use some obscure trick; it was a general method we’ve mentioned in Office Watch too many times over the years.

The Windows team probably thought they’d done enough by disabling the command prompt (‘DOS Box’), scripting and PowerShell.  Windows 10S will only install apps from the Windows Store.

But the Windows group forgot about the infiltrator within their own company that’s always provided a gateway for hackers:  Microsoft Office.

Microsoft Office in the Windows Store is Office 2016 for Windows desktop running as Windows apps.  It’s supposed to work the same as regular Office 2016, except no COM add-ins.  VBA macros are available.

Word Macros

Word macros are the path to system/administrator level access on a Windows 10S computer.  What Microsoft once dismissed as ‘prank macros’ and not worth worrying about are still causing trouble two decades later.

The basics of the attack will be familiar to Office-Watch.com readers.  A Word document with an evil macro is opened.  There’s a warning about the presence of macros but it’s easy to trick people into clicking the vital ‘Enable Macros’ button.

Once the macros are running, the code can gain high-level access to the computer and do pretty much anything the hackers want. That includes “known ransomware”.

There are plenty of ‘off the shelf’ tools out there to make accessing Windows easy, some of them courtesy of the US government itself.
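
Because the whole attack depends on a macro-bearing Word file reaching a user who then clicks ‘Enable Macros’, one defensive check is to triage documents by content before they are delivered. The following is an added example, not code from ZDNet, Hacker House or Microsoft; the function names, verdict strings and skeletal sample packages are constructed for illustration.

```python
import io
import zipfile

# Magic bytes of the legacy OLE2 container used by binary .doc/.dot files.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")

def triage(data: bytes) -> str:
    """Return 'macro', 'clean', 'review-legacy' or 'not-ooxml' (hypothetical verdicts)."""
    if data.startswith(OLE2_MAGIC):
        # Binary Word format: macros cannot be ruled out without parsing the
        # compound file, so hand it to a deeper scanner.
        return "review-legacy"
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return "not-ooxml"
    with zipfile.ZipFile(buf) as z:
        names = {n.lower(): n for n in z.namelist()}
        if "[content_types].xml" not in names:
            return "not-ooxml"
        types = z.read(names["[content_types].xml"]).lower()
        # VBA is stored in a vbaProject.bin part, and the package declares it.
        has_vba_part = any(n.endswith("vbaproject.bin") for n in names)
        declares_vba = b"macroenabled" in types or b"vbaproject" in types
    return "macro" if has_vba_part or declares_vba else "clean"

def build_sample(with_macro: bool) -> bytes:
    """Constructed input: a skeletal OOXML package with placeholder bytes only."""
    main = ("application/vnd.ms-word.document.macroEnabled.main+xml" if with_macro
            else "application/vnd.openxmlformats-officedocument"
                 ".wordprocessingml.document.main+xml")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml",
                   f'<Types><Override PartName="/word/document.xml" '
                   f'ContentType="{main}"/></Types>')
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for label, blob in [("macro sample", build_sample(True)),
                        ("plain sample", build_sample(False)),
                        ("legacy header", OLE2_MAGIC + b"\x00" * 16)]:
        print(f"{label}: {triage(blob)}")
```

The verdict is based on the file's content rather than its name, so a macro-enabled package renamed to .docx is still reported as 'macro'.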

Microsoft’s lame response

ZDNet publishes Microsoft’s lame and dismissive response.  The company tries to justify their exact wording, instead of admitting they have work to do.  A genuine security issue is dismissed as a hypothetical that’s solved by some debating tricks.

As ever, Redmond isn’t concerned about computer protection, just the appearance of security and continuation of sales.
