From there he was able to download a payload using Metasploit, a common penetration testing software, which connects the operating system to his own cloud-based command and control server, effectively enabling him to remotely control the computer. From there, he was able to get the highest level of access, “system” privileges, by accessing a “system”-level process and using the same DLL injection method.
Windows 10 S is definitely more secure, but not completely unhackable
Report reveals some weaknesses in Windows 10 S
Microsoft recently unveiled a locked down version of Windows – Windows 10 S. The OS can only install secure apps published in the Store, promising no ransomware and viruses. But nothing is completely unhackable, according to a report from ZDNet.
They’ve set up Windows 10 S on the newly announced Microsoft Surface Laptop, and contacted a security researcher to check the OS vulnerability.
Matthew Hicker from Hacker House has managed to create a malicious Word document, allowing him to carry out a reflective DLL injection attack when the file is opened. Because Word can download files from the Internet, Hicker managed to bypass the closed nature of Windows 10 S:
The conclusion is that Windows 10 S is definitely far less vulnerable to attacks, but if someone wants to break through, this is definitely possible.
Source: zdnet