Microsoft has had a troublesome time with its Windows 10 October update, attempting to quell numerous bugs that deleted user files, wrongly decompressed folders and even distorted text. Sadly, it seems as though these issues are far from over, as a security hole in the Universal Windows Platform has been giving applications full access to system files.
UWP applications often have limited access to a select number of files located in the individual directory, with requirements to ask for user permission to gain access to external files. In rare circumstances, applications will be granted “broadFileSystemAccess,” pending they meet Microsoft’s request for extra documentation reasoning why.
This allows access across “all files that the user has access to. For example: documents, pictures, photos, downloads, desktop, OneDrive, etc,” according to a developer documentation via Bleeding Computer. Windows 10’s October update, otherwise known as update 1908 unfortunately gave broadFileSystemAccess to every application during its limited rollout, allowing the more malicious of the bunch to effectively harvest and control user data.
Microsoft was already expected to withhold the update beyond October, but it is unclear how this newly revealed bug will affect the timeline of its release. The firm has yet to officially acknowledge the problem and the implications it might have on UWP.
KitGuru Says: This is perhaps Windows 10’s most buggy update yet, but fortunately it was held back before irreparable damage was done. Hopefully you’re not one of the few to have already downloaded the update, but if you are, how has it fared for you so far?