Windows 10 security-focused Sandbox broken and left without a fix for a month

One of the most anticipated features of the Windows 10 May update for security-conscious Windows users is broken.

Windows Sandbox is a feature that should allow users to open a suspicious website in a virtual machine-like environment to test whether a visit would result in malicious code being executed on their computer.

It's a security feature many were excited about, but for some users the feature now launches with the error code "0x80070002". Microsoft said, "we are working on a resolution and estimate a solution will be available in late June".

Windows Sandbox is a feature only available to Windows Pro and Windows Enterprise customers, two iterations of the operating system specifically targeted at businesses.

Windows Sandbox exists as a browser extension that works based on an organisation's group policy. This means that the network administrator can apply settings for devices across the company so Sandbox would work in the same way for the IT department as it would for the CEO.

The extension cross-references a website with those known to be a security risk and then puts the website in the Windows Sandbox mode if the user clicks on the web page.

The feature would be useful for businesses that could come to a halt if a malicious program wormed its way into the network due to one employee visiting a nasty site. The Sandbox mode is wiped after every session so businesses can remain assured that if a malicious program was detected, it wouldn't leave the Sandbox and get into the network.

"When the sandbox is closed it is effectively wiped and restored to its original state," said Sean Wright, security researcher and Open Web Application Security Project (OWASP) Scotland chapter leader.

"This is extremely useful when performing research on potentially malicious software. It provides a clean state every time the sandbox is opened from new."

Microsoft announced that it was working on a similar feature to its Sandbox mode back in December. It was to take the form of a desktop virtual machine-like app that would allow users to not just run webpages in a Sandbox mode, but any software without the risk of causing any lasting harm from malicious code.

The mode is currently in a testing phase but there are plans to roll it out to enterprise customers too.

The faulty Sandbox mode isn't the only issue Microsoft is having with its May update (V1903): machines running certain AMD RAID drivers weren't able to update because the drivers are incompatible with the update.

"On computers that have AMD Ryzen or AMD Ryzen Threadripper processors, certain versions of AMD RAID drivers are not compatible with the Windows 10 May 2019 update," said Microsoft.

"If a computer has these drivers installed and configured in RAID mode, it cannot install the May 2019 update of Windows 10. If you start the installation process, the process stops."

The issue persists for both updates and fresh installs but is easily resolved. To get the update to work, the affected users must download and install the latest version of the AMD RAID drivers and restart their machine before re-initialising the update or install.

Connor Jones
