James Forshaw, a member of the Google Project Zero hacking crew, was given the task to asses Windows 10, and see if there were big risks related with the new OS from Microsoft.
Forshaw talked about his findings and opinions in a presentation called, Windows 10: Two steps forward, one step back at Ruxcon security conference in Melbourne, Australia, on last Saturday.
James Forshaw pointed out the following:
So what does that means for us, end users?
“There are more system services and drivers which means more attack surface,” Forshaw explains. “Local system is the god account on Windows and as we go towards (Windows) 10 more services as a percentage of the total are running as the absolute highest account.” “That’s not great.”
The thing is, Microsoft made an effort to build a more secure environment, especially to try to reduce the attack surface of by-default attack using privilege escalation, but the main vector for this to happen is still there.
It’s true that the number of services being initiated at booting reduce from 30.7% in Windows 7 to 24.1% in Windows 10, but now we found more services in windows 10 being triggered, from 11.11% in Windows 7 to 31.28% in Windows 10. Having more of these services means there is more surface for malware to use and exploit.
Forshaw also stated that user account control was downgraded from security technology to “‘something you just put there to annoy the user'”, and it is a “pain-in-the-ass” but it looks like Microsoft will fix some of the issues with the user account control.
In the presentation, Forshaw used a token-capturing tool he has built that can bypass Windows 10 Security mechanisms, and this can be accomplished by exploiting a bug in Win32K and elevate local privileges.
The tool will be released to the public only when Microsoft releases a patch to fix the problem.
Still talking about vectors of attack, we all know that Adobe flash is an open window for many malware to explore, about this, Forshaw said, that it’s a bit sad that Microsoft included Flash based on Active-X:
“Microsoft could have lead the way and said ‘I refuse to run (Adobe) Flash ever again in my web browser’ but unfortunately they did not take that inspired option”.
Resuming the findings of James Forshaw’ analysis, for sure many things are going better, but the company can still improve the security of its newborn Windows 10.
About the Author Elsio Pinto
Edited by Pierluigi Paganini
(Security Affairs – Windows 10, hacking)