Windows 10 S is vulnerable to ransomware

It's kind of a sensational fib, on both sides, however.

Hickey created a malicious, macro-based Word document on his own computer that when opened would allow him to carry out a reflective DLL injection attack, allowing him to bypass the app store restrictions by injecting code into an existing, authorized process. In this case, Word was opened with administrative privileges through Windows' Task Manager, a straightforward process given the offline user account by default has administrative privileges. (Hickey said that process could also be automated with a larger, more detailed macro, if he had more time.)

But given the dangers associated with macros, Word's "protected view" blocks macros from running when a file is downloaded from the internet or received as an email attachment. To get around that restriction, Hickey downloaded the malicious Word document he built from a network share, which Windows considers a trusted location, giving him permission to run the macro, so long as he enabled it from a warning bar at the top of the screen. The document could easily point an arrow to the bar, telling the user to disable protected mode to see the contents of the document -- a common social engineering technique used in macro-based ransomware. (If he had physical access to the computer, he could have also run the file from a USB stick, but he would have to manually unblock the file from the file's properties menu -- as easy as clicking a checkbox.)

Step 1: Run Word as Admin from Task Manager
Step 2: Somehow transfer a file across the same network from another machine
Step 3: In Word, disregard Security Warning for Macros
Optional: Run a file from the USB stick after manually unblocking - no network required.


Someone want to fill me in how this is going to be accomplished without physical access?

Well, duh, if one has physical access that's an entirely different issue.

Let's see Hickey do this without physical access and then we have a real article.
 
Plus it is more a vulnerability of Word and not Windows
Yes, but the issue at hand is that a vulnerability in Word to enter the OS is still a vulnerability of the OS. It would be the same as specially-written Store apps to create loopholes, or holes discovered by hackers. It is the same issue we deal with in any internet-facing app.
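
An added example, not part of the original thread or the quoted article: the "unblock" checkbox mentioned above removes the file's `Zone.Identifier` alternate data stream, and this sketch triages documents by that stream so a defender can see which macro-capable files reach Word without it. The paths, host name and verdict labels are constructed, and the rule that ZoneId 3 and 4 are the gated zones is a simplifying assumption that ignores the location-based zone Windows assigns to UNC paths.

```python
import configparser

# Extensions that can carry VBA macros (legacy binary formats included).
MACRO_EXTS = (".doc", ".docm", ".dotm", ".xls", ".xlsm", ".ppt", ".pptm")

def parse_zone_id(stream_text):
    """Return the ZoneId from Zone.Identifier stream text, or None if absent or malformed."""
    if not stream_text:
        return None
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    try:
        cp.read_string(stream_text.lstrip("\ufeff"))
        return cp.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None  # a mark we cannot parse is treated as no mark

def triage(path, stream_text):
    """Classify a document as 'gated', 'review' or 'ok'."""
    zone = parse_zone_id(stream_text)
    if zone is not None and zone >= 3:  # assumption: 3=Internet, 4=Restricted Sites
        return "gated"    # marked as downloaded: Protected View stands in front of the macro
    if path.lower().endswith(MACRO_EXTS):
        return "review"   # unmarked and macro-capable: only the warning bar remains
    return "ok"

# Constructed samples: (path, Zone.Identifier contents, or None when no stream exists)
SAMPLES = [
    (r"C:\Users\a\Downloads\invoice.docm",
     "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.test/invoice.docm\r\n"),
    (r"\\fileserver\share\invoice.docm", None),    # opened from a network share
    (r"E:\invoice.docm", None),                    # USB copy after "unblock"
    (r"C:\Users\a\Documents\notes.docx", None),    # not macro-capable
    (r"C:\Users\a\Desktop\odd.docm", "ZoneId=3\r\n"),  # malformed: no section header
]

def run():
    return [(path, triage(path, stream)) for path, stream in SAMPLES]

if __name__ == "__main__":
    for path, verdict in run():
        print(f"{verdict:7} {path}")
```

On an NTFS volume the stream text can be read by opening `<path>:Zone.Identifier` as an ordinary file.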
 