Google discloses 'medium-severity' security flaw in Windows 10 S

Google's Project Zero team has outed another Microsoft security flaw, this fourth dimension in Windows x S.

The flaw, which is rated every bit "medium" in terms of severity, impacts systems with Device Guard enabled and it can't be executed remotely, so it's not easily exploited. Google explains:

This event only affects systems with Device Guard enabled (such as Windows 10S) and only serves equally a fashion of getting persistent code execution on such a machine. Information technology'southward not an outcome which tin can exist exploited remotely, nor is it a privilege escalation. An attacker would have to already take code running on the motorcar to install the registry entries necessary to exploit this issue, although this could be through an RCE such as a vulnerability in Edge. There's at to the lowest degree two know DG bypasses in the .NET framework that are not fixed, and are nonetheless usable even on Windows 10S so this result isn't as serious as it might take been if all known avenues for bypass were fixed.

Google's standard disclosure guidelines state that it will publicly disclose vulnerabilities after 90 days if they haven't been addressed. Microsoft was alerted to the issue in Jan, but had told Google in February that it would not be stock-still in time for the April Patch Tuesday rollout. Microsoft requested extensions in early April, explaining that the issue will be fixed with the release of the Redstone iv (leap) update. However, because there is no business firm release date for Redstone 4, Google turned downwardly the asking.

This isn't the first time Google's disclosure policy has been a source of contention between the two companies. The two companies butted heads over the disclosure of a zero-day vulnerability in 2022, leading to an expression of frustration from Microsoft. That followed a similar clash between the ii in 2022 over a Windows 8.1 vulnerability. More recently, Google disclosed flaws in Windows ten and Microsoft Edge in February.

We may earn a committee for purchases using our links. Learn more than.

Oh Dear

New report reveals Microsoft'southward future AR strategy; HoloLens iii is dead

Business Insider has today published a follow-up report with more than details about Microsoft's canceled HoloLens 3 augmented reality headset. The partnership with Samsung is said to include a headset with a set of screens inside, powered by a Samsung phone in your pocket.

Keeping it affordable

Review: Surface Laptop SE is the new standard for K-8 Windows PCs

Starting at just $250, Microsoft'due south first foray into affordable laptops for the education market is a winner. With a gorgeous design, excellent thermals, and a fantastic typing experience, Microsoft would do correct to sell this directly to consumers as well. Allow'southward just hope Intel can make a better CPU.

Source: https://www.windowscentral.com/google-discloses-medium-severity-security-flaw-windows-10-s

Posted by: rileynoweapping.blogspot.com

Share this post