Remember when Microsoft said no known ransomware could run on Windows 10 S? ZDNet decided to put their claim to the test by hiring a security researcher to hack it, and he actually succeeded in doing so in a little more than three hours using Word as the attack vector. While the hack is not guaranteed, it does show that W10 S is not bulletproof.



Bottom line: If it’s not in the app store, it won’t run. Cracking Windows 10 S was a tougher task than we expected. But one common attack point exists. Hickey was able to exploit how Microsoft Word, available to download from the Windows app store, handles and processes macros. These typically small, script-based programs are designed to automate tasks, but they’re also commonly used by malware writers.

Discussion

Source: [H]ardOCP – Word Macro Used to Break into the “More Secure” Windows 10 S