Windows 10 S succumbs to attack via Word macro-based malware

Microsoft produced its reduced-functionality version of Windows 10, dubbed Windows 10 S, for a few reasons. For one, it locks down app installs to the Windows Store and limits what users can do with the OS, and thus it’s easier to manage in restricted environments like educational institutions.

Another important reason is security: by locking down various administrative tools and ensuring that only apps that have gone through the Windows Store vetting process can be installed, Windows 10 S should be more secure. That’s an important claim that deserves its own vetting, which is exactly what ZDNet did in a recent report.

In order to verify if Windows 10 S is actually safe from attack, ZDNet enlisted security researcher Matthew Hickey to see if he could get past the hurdles the OS places in front of hackers. After just over three hours of work, Hickey was able to break through Windows 10 S’s security features and install an illicit payload.

Interestingly, it wasn’t Windows 10 S that was vulnerable to Hickey’s attack. Rather, it was Microsoft Word, which by itself has demonstrated its own vulnerability to attack because of its macro functionality. The version of Word that’s available in the Windows Store is capable of running macros, and that’s precisely the vector that Hickey used to break into the Surface laptop used for the test.

In addition, the attack didn’t involve the OS merely being hacked. Hickey injected a piece of malware into a macro-based Word document and loaded it from a local trusted network. That bypassed Office’s Protected View, which would have more explicitly blocked it if downloaded from the untrusted internet. However, Word still required Hickey to click on the “Enable Content” banner at the top of the Word document in order for the malware to execute and infect the system.

In spite of the fact that Windows 10 S will not run the command line interface or PowerShell, the malware was still able to grant Hickey administrator access to the machine and let him remotely control it from a cloud-based command and control server. Essentially, he was able to take complete control over the test system.

It’s important to note that running the Word macro did require user intervention, and so Windows 10 S was nevertheless more locked-down. For its part, Microsoft stands by its “no ransomware” statement regarding Windows 10 S, and the attack is likely not as much an indictment of Windows 10 S as it is of Microsoft Office’s macro functionality, which has been the source of other attacks. Perhaps most important, it reinforces the need for all of us to remain diligent with our systems, avoiding unsafe content when we can and never allowing anything to run on our systems that we do not fully understand.
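
A defender-side triage for macro-capable Word files like the one described above, added here as an example and not taken from the ZDNet report or from Hickey's work; the function names and sample files are constructed for illustration. It goes slightly beyond the article by relying on the OOXML package layout (a `vbaProject.bin` part and a macro-enabled content type), so a file can be flagged before anyone is asked to click “Enable Content”.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy binary .doc/.dot container
MACRO_MARKERS = (b"macroEnabled", b"vbaProject")  # substrings of macro content types


def triage_word_file(data: bytes) -> str:
    """Classify a file as 'macro', 'no-macro', 'legacy-ole' or 'not-word'."""
    if data.startswith(OLE_MAGIC):
        # Binary format: macros live in OLE streams and need a dedicated parser.
        return "legacy-ole"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if "[Content_Types].xml" not in names:
                return "not-word"
            if not any(n.startswith("word/") for n in names):
                return "not-word"
            # A .docm renamed to .docx still ships the VBA part and declares it.
            has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
            types = zf.read("[Content_Types].xml")
            declares_macro = any(m in types for m in MACRO_MARKERS)
            return "macro" if has_vba_part or declares_macro else "no-macro"
    except zipfile.BadZipFile:
        return "not-word"


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML-shaped zip, not a real document."""
    main_type = (
        "application/vnd.ms-word.document.macroEnabled.main+xml" if with_macro else
        "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(
            "[Content_Types].xml",
            f'<Types><Override PartName="/word/document.xml" ContentType="{main_type}"/></Types>',
        )
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder, no VBA
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("macro sample", build_sample(True)), ("plain sample", build_sample(False))):
        print(label, "->", triage_word_file(blob))
```

Files reported as `legacy-ole` are not cleared by this check; they need inspection with an OLE-aware tool before being opened.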

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…