Windows 10 S security flaw disclosed by Google regardless of Microsoft’s objection

The security flaw in Microsoft Windows 10 S allows users to potentially run arbitrary code, jailbreaking the locked-down operating system.


We all know about the recent security flaws Meltdown and Spectre, which affected most of the devices available today. Following that, most companies started rolling out security updates for their devices. The researchers from GPZ (Google's Project Zero) were the ones who discovered these security flaws. Now, GPZ researchers have announced that Microsoft's Windows 10 S suffers from a 'medium severity' flaw in the operating system's lock-down that a user can trigger. The security flaw allows users to potentially run arbitrary code, jailbreaking the locked-down operating system.

According to some sources on the web, there is no remote exploit for the flaw at the moment, which means that hackers will need physical access to a device in order to unlock the OS. The report further suggests that the vulnerabilities stem from how Windows 10 S verifies the identity of high-privilege components.

Further, the technical note from GPZ states:

"When a .NET COM object is instantiated the CLSID passed to mscoree's DllGetClassObject is only used to look up the registration information in HKCR. At this point ... the CLSID is thrown away and the .NET object created. This has a direct impact on the class policy as it allows an attacker to add registry keys (including to HKCU) that would load an arbitrary COM visible class under one of the allowed CLSIDs. As .NET then doesn't care about whether the .NET Type has that specific GUID you can use this to bootstrap arbitrary code execution by abusing something like DotNetToJScript".

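A defender-side check for the registration pattern the GPZ note describes, as an added example that is not from the article or from Project Zero: it scans `reg export` text for per-user (HKCU) CLSID keys whose InprocServer32 is mscoree.dll, which is how .NET COM classes are registered. The sample export, its GUIDs, the function names and the `policy_clsids` parameter are assumptions constructed for illustration; the actual class-policy CLSID list is not given on the page.

```python
import re

# Constructed sample in `reg export` text form; the GUIDs are placeholders,
# not CLSIDs from the Windows 10 S class policy.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="mscoree.dll"
"Class"="Example.Payload"
"CodeBase"="file:///C:/Users/Public/Example.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32]
@="C:\\Program Files\\Vendor\\native.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-333333333333}\InprocServer32]
@="mscoree.dll"
"Class"="Vendor.Legit"
'''

KEY_RE = re.compile(r'^\[(HKEY_[A-Z_]+)\\Software\\Classes\\CLSID\\'
                    r'(\{[0-9A-F-]{36}\})\\InprocServer32\]$', re.I)
VALUE_RE = re.compile(r'^(@|"[^"]+")="((?:[^"\\]|\\.)*)"$')

def parse_inproc_keys(reg_text):
    """Return [(hive, clsid, values)] for every CLSID\\...\\InprocServer32 key."""
    keys, values = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            m = KEY_RE.match(line)
            values = {} if m else None   # ignore values under unrelated keys
            if m:
                keys.append((m.group(1).upper(), m.group(2).upper(), values))
        elif values is not None and (v := VALUE_RE.match(line)):
            name = "" if v.group(1) == "@" else v.group(1)[1:-1].lower()
            values[name] = v.group(2).replace("\\\\", "\\")  # undo .reg escaping
    return keys

def find_user_dotnet_com(reg_text, policy_clsids=()):
    """Flag per-user (HKCU) CLSIDs whose in-process server is mscoree.dll."""
    allowed = {c.upper() for c in policy_clsids}
    findings = []
    for hive, clsid, values in parse_inproc_keys(reg_text):
        server = values.get("", "").rsplit("\\", 1)[-1].lower()
        if hive == "HKEY_CURRENT_USER" and server == "mscoree.dll":
            findings.append({"clsid": clsid, "class": values.get("class"),
                             "codebase": values.get("codebase"),
                             "in_policy": clsid in allowed})
    return findings
```

`reg export` writes UTF-16 text, so decode the file before passing it in; per-user hives exported under `HKEY_USERS` are not covered by this sketch.
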
Google and Microsoft seem to be in conflict over public disclosure of the vulnerabilities. Google claims that it notified Microsoft of the security flaw on January 19th. Microsoft had 90 days to release a patch for the flaw, which the company failed to deliver. It is being reported that Microsoft also asked for a 14-day deadline extension, promising to roll out the patch with its upcoming Redstone 4 update, but Google once again turned Microsoft down, citing the lack of a specific ETA, leading to the
