Thus, the technology giant Microsoft is again embarrassed for not having corrected a severe vulnerability in time.
Ensuring the security of the operating systems is essential After the discoveries must be processed as soon as possible.
The tech giant Microsoft has a flaw in its Windows 10S and, again, the technology giant Google reveals a flaw in it before it is resolved.
The “WLDP CLSID policy .NET Instantiation COM UMCI Bypass” vulnerability is defined us as medium severity and allows the execution of arbitrary code on systems with Device Guard enabled.
The announced failure, although not of great importance, may result in code execution without user authorization and theft of your data.
When the technology giant Google discovered the problem, he immediately alerted the technology giant Microsoft. This happened on January 19th of this year.
By failing its hotfix when the April security patch was released in April, Microsoft asked to delay the disclosure of the failure.
Initially, it was reported to Microsoft in January, and after stating that it would not or could not be fixed in the April patch, Microsoft asked for a 14-day extension, but this was denied. T
he company has once again requested an extension, noting that Redstone 4 will solve the problem, but Google reveals a flaw in it and Project Zero pointed out that this “would not be considered a widely available patch by the disclosure requirements”, hence the disclosure.
Google reveals a flaw in this major problem and its worth’s
This bug infects systems on which Anti Malware is active, making Windows 10 S the primary target, with this option enabled by default.
It should be noted that the failure can only be exploited with physical access to the machine and that the machine must already execute the attacker’s code.
Proof of concept is available, but there are mitigating factors. As explained by the discoverer – a user called Forshaw -: “This is not a problem that can be exploited remotely, nor an escalation of privileges.
An attacker should already have code on the machine to install registry entries needed to exploit this problem, although this could be through an ECN as a vulnerability in Edge “.
It is unclear when the tech giant Microsoft will release this update, but this revelation should now accelerate its fix.
The low penetration of Windows 10 S, which even caused profound changes to the concept, further reduces the severity of this failure.
The Interesting thing about this whole situation, apart from the fact that it revealed before Microsoft resolve it.
it affects a version of Windows that has been identified as the safest and best amoung to protect users and their data. This reverses the invulnerability of this version.
So, what do you think about it? Simply share all your reviews and ideas in the comment section below. Happy Cheapwareable