|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
-
Newly discovered data access breach in Win10 UWP (Metro, “Store”) apps
There’s a bug in the UWP API that lets appropriately programmed apps look at all of your data. Günter Born says:
(The malicious UWP) app is not limited to access to files and folders via a file picker or LocalStorage. Microsoft has described the permitted file system accesses in this document (broadFileSystemAccess API). The documentation also states: “On first use, the system prompts the user to allow access”. Microsoft (theoretically) provides security measures for access that intercept unauthorized access attempts. Without user access, a UWP app cannot access files without the user’s consent – at least theoretically …
Unfortunately, there’s a bug that prevents the security prompt from appearing. Microsoft apparently tried to fix the bug in Win10 1809, but the guy who discovered the bug, Sébastien Lachance, says that trying to run the API-calling code crashed the app.
(No details offered about which version of 1809 he tried.)
In the meantime, it appears as if 1803 and earlier are still subject to the bug.
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Expand the taskbar?
by 2 hours, 46 minutes ago
-
Gregory Forrest “Woody” Leonhard (1951-2025)
by 1 hour, 21 minutes ago
-
March 2025 updates are out
by 6 hours, 37 minutes ago
-
Windows 11 Insider Preview build 26120.3380 released to DEV and BETA
by 14 hours, 41 minutes ago
-
Update Firefox to prevent add-ons issues from root certificate expiration
by 21 hours, 49 minutes ago
-
Latest Firefox requires Password on start up
by 16 hours, 24 minutes ago
-
Resolved : AutoCAD 2022 might not open after updating to 24H2
by 1 day, 10 hours ago
-
Missing api-ms-win-core-libraryloader-11-2-1.dll
by 9 hours, 26 minutes ago
-
How Much Daylight have YOU Saved?
by 12 hours, 23 minutes ago
-
A brief history of Windows Settings
by 6 hours, 1 minute ago
-
Thunderbolt is not just for monitors
by 4 hours, 38 minutes ago
-
Password Generators — Your first line of defense
by 10 hours, 4 minutes ago
-
AskWoody at the computer museum
by 5 hours, 40 minutes ago
-
Planning for the unexpected
by 11 hours, 4 minutes ago
-
Which printer type is the better one to buy?
by 1 day, 12 hours ago
-
Upgrading the web server
by 1 day, 10 hours ago
-
New Windows 11 24H2 Setup – Initial Win Update prevention settings?
by 2 days, 5 hours ago
-
Creating a Google account
by 2 days, 4 hours ago
-
Undocumented “backdoor” found in Bluetooth chip used by a billion devices
by 2 days, 11 hours ago
-
Microsoft Considering AI Models to Replace OpenAI’s in Copilot
by 2 days, 22 hours ago
-
AI *emergent misalignment*
by 2 days, 23 hours ago
-
Windows 11 Disk Encryption/ Bitlocker/ Recovery Key
by 1 day, 7 hours ago
-
Trouble signing out and restarting
by 6 hours, 28 minutes ago
-
Windows 7 MSE Manual Updating
by 3 hours, 15 minutes ago
-
Problem running LMC 22 flash drive
by 2 days, 6 hours ago
-
Outlook Email Problem
by 2 days, 6 hours ago
-
“Microsoft 365 Office All-in-One For Dummies, 3rd Edition FREE
by 2 days, 14 hours ago
-
Cant use Office 2013 – Getting error message about Office 2013
by 3 days, 7 hours ago
-
Nearly 1 million Windows devices targeted in advanced “malvertising” spree
by 3 days, 7 hours ago
-
Windows 11 Insider Preview build 27808 released to Canary
by 4 days, 8 hours ago
