Google calls out Microsoft regarding a flaw in Windows 10 S code

Windows 10 S

Google’s Project Zero team of bug hunters has found a flaw in Windows 10 S, publicly disclosing the issue despite Microsoft wishing to keep it under wraps until it fixed it.

Project Zero looks for exploits in software, either made by Google, or from other companies, and if one is found the team usually alerts the developers of the software in private, giving them 90 days before going public.

Not only is the finding of the flaw embarrassing enough for Microsoft, but apparently it primarily affects Windows 10 S, a version of the operating system that is designed to be more locked down and secure than other versions by only allowing apps from the Microsoft Store to be installed.

According to Project Zero, the flaw targets users with user mode code integrity (UMCI) and Device Guard enabled – which Windows 10 S has by default. This allows arbitrary code to be run, something that Windows 10 S was specifically designed to prevent.

90-day window

Because the flaw only affects a minority of PCs, and even then hackers would need to physically access the PC, Project Zero only deems this a “medium” security flaw, and gave Microsoft the usual 90 days grace period to fix the issue before it was made public.

However, as Neowin.net reports, Google alerted Microsoft to the flaw way back on January 19, and after Microsoft was not able to issue a fix after those 90 days, in time for April’s Patch Tuesday, Microsoft asked for a 14-day extension.

However, Google refused, and apparently Microsoft again asked for an extension of the deadline so that it could be included in the Redstone 4 update (also known as Spring Creators Update). However, with that update being delayed without a new date set in stone, Google has again refused the extension, and has now made the flaw public.

It’s a bit embarrassing for Microsoft, and we can understand why it was keen to avoid the flaw being made public, but hopefully Google’s move will force Microsoft to get a fix out as soon as possible.

TOPICS
Matt Hanson
Managing Editor, Core Tech

Matt is TechRadar's Managing Editor for Core Tech, looking after computing and mobile technology. Having written for a number of publications such as PC Plus, PC Format, T3 and Linux Format, there's no aspect of technology that Matt isn't passionate about, especially computing and PC gaming. He’s personally reviewed and used most of the laptops in our best laptops guide - and since joining TechRadar in 2014, he's reviewed over 250 laptops and computing accessories personally.

Latest in Windows
girl using laptop hoping for good luck with her fingers crossed
Windows 11 24H2 seems to be a massive fail – so Microsoft apparently working on 25H2 fills me with hope... and fear
A woman sitting in a chair looking at a Windows 11 laptop
It looks like Microsoft might have thought better about banishing Copilot AI shortcut from Windows 11
Using Zipped files and folders in Windows 11
Windows 11 should soon be faster at extracting files from compressed ZIPs – and it’s about time, frankly
Xbox Wireless Controller
Microsoft is adding a powerful new feature for using Xbox controllers with Windows 11
Woman disgusted by her laptop
Embarrassing Windows 11 bug that deleted Copilot app is now fixed – but will anyone outside of Microsoft care?
Student sat at a desk with a laptop in a dormitory looking at a mobile phone
Windows 11 could eventually help you understand how fast your PC is - as well as offer tips for making your PC or laptop faster for free
Latest in News
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
An aerial view of an Instavolt Superhub for charging electric vehicles
Forget gas stations – EV charging Superhubs are using solar power to solve the most annoying thing about electric motoring
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business