Google Discover a security vulnerability in Windows 10 S, the version of Windows 10 that Microsoft says is the safest because it restricts users from using Win32 apps. The vulnerability allows unauthorized code execution on devices with Device Guard enabled, but according to a post from Neowin, a successful exploit requires system access.
The vulnerability was discovered by Google Project Zero which gives stakeholders a 90-day deadline to fix bugs in their software. But Microsoft appears to have requested an extension to the deadline, having previously released an update on the vulnerability in January.
The company then prepared a fix for April, but apparently could not complete it, asking for a deadline of May. However, Google refused to give another postponement to the vulnerability's release, and as of today all the details are out on the web.
The Windows 10 S bug is particularly difficult to exploit, but if you do, the "most secure Windows system" is gone.
Windows 10 S does not allow the installation of Win32 software, and Microsoft allows upgrading to Windows 10 Pro directly from within the operating system. However, the availability of Windows 10 S as a standalone operating system will soon be discontinued and will be integrated into Windows 10 as "S Mode".
So although Microsoft has promised a patch on Patch Tuesday in May, it is not certain that it will be released, as the plan is to integrate the OS as a feature into the company's main OS, namely Windows 10.
If you are interested in more technical details and want the PoC of the vulnerability you can find it on the announcement page of Project Zero Google.
Google: insecure Microsoft's most secure operating system
