Just In
- 11 hrs ago OPPO Find X7 Ultra Camera Deep-Dive: Pushing the Boundaries of Photography on a Smartphone
- 13 hrs ago iQOO Z9 Turbo Launched in China: Snapdragon 8s Gen 3, 16GB RAM, and More
- 13 hrs ago iQOO Z9, Z9x Launched in China: 6000mAh Battery, iQOO 12 Inspired Design, 50MP Camera, & More
- 14 hrs ago HMD Branded First Set of Android Smartphones Are Here!
Don't Miss
- Finance Tech Mahindra Q4 Results Preview: Revenue May Fall, But Margins Seen To Expand; To Announce Dividend
- Movies Aavesham Box Office Collection Day 15 Prediction: Fahadh Faasil's Film To Maintain Steady Run
- Sports IPL 2024 Centuries List: Full List of Hundreds of All IPL Seasons - All You Need to Know
- Lifestyle When Will Vaishakh Month 2024 Start? Vrats And Festivals That Will Fall This Month, Complete List!
- Education JEE Main Result 2024 Out, Telangana's 15 Toppers Shine, Check Statewise List of 56 Candidates with Perfect 100
- News Mangalsutra Row: Did Indira Gandhi Donate Gold During The 1962 War? The Facts Behind Priyanka's Claim
- Travel Escape to Kalimpong, Gangtok, and Darjeeling with IRCTC's Tour Package; Check Itinerary
- Automobiles Aston Martin Vantage Launched In India At Rs 3.99 Crore
Windows 10 S security flaw disclosed by Google regardless of Microsoft’s objection
The security flaw in Microsoft Windows 10 S allows the users to potentially run an arbitrary code to jailbreak that we earlier mentioned is the locked-down operating system.
We all know about the recent security flaws Meltdown and Spectre that had infected most of the devices available today. Following that, most of the companies started rolling out security updates for their devices. The researchers from GPZ (Google's Project Zero) were the ones who discovered these security flaws. Now, GPZ researchers now have made an announcement that they have found that the Microsoft's Windows 10 S suffers from a 'medium severity' which results in a lock-down of the operating system caused by a user. The reason why this happens is that the security flaw in Microsoft Windows 10 S allows the users to potentially run an arbitrary code to jailbreak that we earlier mentioned is the locked-down operating system.
As per some sources from the web, it seems like there is no remote code to exploit the flaw at the moment which points that the hackers will need physical access to the devices in order to unlock the OS. The report further suggests that on the basis of how the Windows 10 S verifies the identity of high-privilege components, the vulnerabilities stem from.
Further, as per the technical note from GPZ mentions that:
"When a .NET COM object is instantiated the CLSID passed to mscoree's DllGetClassObject is only used to look up the registration information in HKCR. At this point ... the CLSID is thrown away and the .NET object created. This has a direct impact on the class policy as it allows an attacker to add registry keys (including to HKCU) that would load an arbitrary COM visible class under one of the allowed CLSIDs. As .NET then doesn't care about whether the .NET Type has that specific GUID you can use this to bootstrap arbitrary code execution by abusing something like DotNetToJScript".
Google and Microsoft seem to be in a state of conflict on the public disclosures of the vulnerabilities. Google is claiming that it had notified Microsoft regarding the security flaw on January 19th. Microsoft had 90-days to release the patch up for the flaws, which the company failed to deliver on. It is being reported that Microsoft had also asked for a 14-day deadline extension as well promising to roll out the patch with its upcoming Redstone 4 update, but Google once again turned Microsoft down stating the lack of a specific ETA, leading to the
-
99,999
-
1,29,999
-
69,999
-
41,999
-
64,999
-
99,999
-
29,999
-
63,999
-
39,999
-
1,56,900
-
79,900
-
1,39,900
-
1,29,900
-
65,900
-
1,56,900
-
1,30,990
-
76,990
-
16,499
-
30,700
-
12,999
-
11,999
-
16,026
-
14,248
-
14,466
-
26,634
-
18,800
-
62,425
-
1,15,909
-
93,635
-
75,804