Just In
- 48 min ago Realme Narzo 70 5G, Narzo 70x 5G Launched in India: Check Price, Specs, Availability
- 1 hr ago COLORFUL EVOL P15 Series Gaming Laptops Launched in India: Check Price, Specifications
- 2 hrs ago Garena Free Fire Max Redeem Codes for April 24, 2024: Get Access to the Latest In-game Loot
- 2 hrs ago Here’s a List of Smartphones That Are Most Likely to Feature Qualcomm Snapdragon 8 Gen 4
Don't Miss
- Travel Mumbai Opens BMC Headquarters For Exclusive Heritage Tour
- News Electoral Bonds Plea In SC Seeks SIT Probe Into Alleged Quid Pro Quo Between Parties Corporates
- Sports WWE NXT Spring Breakin’ 2024: Title Matches and more announced for Night Two
- Automobiles The Rise and Fall of the TVS Jive: India's Pioneering Clutchless Motorcycle
- Education TS Inter Results 2024 Toppers' List, Check Out the Districts That Top the List
- Lifestyle Summer Style: 6 Must-Try Colors To Stay Fashionably Cool Like B-Town Divas!
- Finance PayU Gets RBI's In-principle Nod To Operate As Payment Aggregator
- Movies The Family Star OTT Release Date & Platform Revealed: Here's When & Where To Watch Vijay Devarakonda’s Film
Windows 10 S security flaw disclosed by Google regardless of Microsoft’s objection
The security flaw in Microsoft Windows 10 S allows the users to potentially run an arbitrary code to jailbreak that we earlier mentioned is the locked-down operating system.
We all know about the recent security flaws Meltdown and Spectre that had infected most of the devices available today. Following that, most of the companies started rolling out security updates for their devices. The researchers from GPZ (Google's Project Zero) were the ones who discovered these security flaws. Now, GPZ researchers now have made an announcement that they have found that the Microsoft's Windows 10 S suffers from a 'medium severity' which results in a lock-down of the operating system caused by a user. The reason why this happens is that the security flaw in Microsoft Windows 10 S allows the users to potentially run an arbitrary code to jailbreak that we earlier mentioned is the locked-down operating system.
As per some sources from the web, it seems like there is no remote code to exploit the flaw at the moment which points that the hackers will need physical access to the devices in order to unlock the OS. The report further suggests that on the basis of how the Windows 10 S verifies the identity of high-privilege components, the vulnerabilities stem from.
Further, as per the technical note from GPZ mentions that:
"When a .NET COM object is instantiated the CLSID passed to mscoree's DllGetClassObject is only used to look up the registration information in HKCR. At this point ... the CLSID is thrown away and the .NET object created. This has a direct impact on the class policy as it allows an attacker to add registry keys (including to HKCU) that would load an arbitrary COM visible class under one of the allowed CLSIDs. As .NET then doesn't care about whether the .NET Type has that specific GUID you can use this to bootstrap arbitrary code execution by abusing something like DotNetToJScript".
Google and Microsoft seem to be in a state of conflict on the public disclosures of the vulnerabilities. Google is claiming that it had notified Microsoft regarding the security flaw on January 19th. Microsoft had 90-days to release the patch up for the flaws, which the company failed to deliver on. It is being reported that Microsoft had also asked for a 14-day deadline extension as well promising to roll out the patch with its upcoming Redstone 4 update, but Google once again turned Microsoft down stating the lack of a specific ETA, leading to the
-
99,999
-
1,29,999
-
69,999
-
41,999
-
64,999
-
99,999
-
29,999
-
63,999
-
39,999
-
1,56,900
-
79,900
-
1,39,900
-
1,29,900
-
65,900
-
1,56,900
-
1,30,990
-
76,990
-
16,499
-
30,700
-
12,999
-
26,634
-
18,800
-
62,425
-
1,15,909
-
93,635
-
75,804
-
9,999
-
3,999
-
2,500
-
3,599