This year, Microsoft announced Windows 10 S, describing it as the "most secure" version of the operating system. Representatives of the techno giant have repeatedly stated that the OS is protected from the most common types of malicious software, including extortion. However, the expert Hacker House Matthew Hickey (Matthew Hickey) managed to prove the opposite - he was able to bypass all the protective mechanisms of Windows 10 S in just three hours.
The experiment was conducted using a Surface Laptop laptop, on which Windows 10 S is installed with the latest security updates. Windows 10 S is limited only to running applications installed through the official store, and allows the user to run only the necessary applications. The system does not provide access to the control panel from the command line, scripting tools and PowerShell - an instrument that hackers quite often exploit. However, Hickey managed to compromise Windows 10 S using MS Word macros.
The expert created a MS Word document with a malicious macro that allowed him to implement the DLL library and circumvent the restrictions by embedding the code in the existing authorized process. In this case, the malicious document was launched with administrator rights through the "Task Manager".
To protect users, Microsoft implemented a secure view, which allows you to open documents without running macros or initiating downloads from the Internet. Hickey was able to circumvent this protection mechanism by downloading a document from a network resource, which the system regards as a trusted source.
Having access to the system with administrator rights, the expert was able to install the Metasploit software and elevate privileges to the SYSTEM level. So he managed to get full remote access to the laptop.