Google's Project Zero reveals security flaw in Windows 10 S after Microsoft fails to fix it

Details of a security flaw in Windows 10 S has been revealed by Google's Project Zero after Microsoft failed to issue a patch within the 90-day disclosure deadline. The "WLDP CLSID policy .NET COM Instantiation UMCI Bypass" vulnerability is described as being of medium severity, and it allows for the execution of arbitrary code on systems with Device Guard enabled. See also: Microsoft reveals more about the 'blocking bug' that is delaying Windows 10 Spring Creators Update It looks like there will be a new RTM build of Windows 10 as build 17134 is discovered Microsoft discovers blocking bug and… [Continue Reading]