
Microsoft seeking fix after vulnerability found in Windows 10 security feature

One of Windows’ most important security features is BitLocker support, which has provided full-disk encryption since Windows Vista first rolled out. Coupled with a compatible Trusted Platform Module, which is now required for new Windows 10 machines, BitLocker theoretically provides solid protection for a Windows machine that’s lost or stolen.

However, any security feature is only as good as the entire system that surrounds it, and any weak link can present a vulnerability that renders it less than secure. For Windows 10, the weak link is that the operating system turns off BitLocker during Feature Updates, aka upgrades, creating a potential exploit, as the official Win-Fu blog reports.


According to Windows trainer and MVP Sami Laiho, the vulnerability arises because pressing SHIFT+F10 during the reimaging process performed during a Feature Update opens the command prompt. This results in access, by the non-admin account that’s in use during the update, to the root SYSTEM folder and to all of the contents of the non-BitLocker-protected hard drive.

The following video provides an overview of the process: "Every Windows 10 in place Upgrade is a SEVERE Security risk" (Win-Fu Official Blog).

According to The Register, security experts further maintain that anyone with physical access to the machine could exploit the bug to access the BitLocker encryption keys. Fortunately, Microsoft is working on fixing the bug, which affects all relevant versions of Windows 10 including the production versions 1511 (November Update) and 1607 (Anniversary Update), as well as newer Windows Insider builds.

The bug does require physical access to the Windows 10 machine, but once that’s accomplished, for example via theft or by an internal employee, then the bug allows admin access to the system once an upgrade is kicked off. Until Microsoft issues a fix, Laiho recommends disallowing unattended upgrades and using the Long-term Servicing Branch version of Windows 10. That’s not much help to nonenterprise Windows 10 users, however, and so maintaining physical control over a Windows 10 machine becomes that much more important.
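Because the exposure window is the period in which BitLocker protection is turned off on an encrypted drive, an administrator can audit for that state. The PowerShell below is an added example, not code from the article or from Microsoft; the function name `Get-BitLockerExposure` and the sample volumes are constructed for illustration, and the property names match the output of the built-in `Get-BitLockerVolume` cmdlet.

```powershell
# Added example: classify volumes by BitLocker state to spot drives that are
# encrypted but have protection suspended (the state described above).
# Accepts objects shaped like Get-BitLockerVolume output.
function Get-BitLockerExposure {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Volume
    )
    process {
        $volumeStatus     = "$($Volume.VolumeStatus)"
        $protectionStatus = "$($Volume.ProtectionStatus)"

        if ($volumeStatus -ne 'FullyEncrypted') {
            $state = 'NotFullyEncrypted'   # decrypted, or encryption still in progress
        } elseif ($protectionStatus -eq 'On') {
            $state = 'Protected'
        } elseif ($protectionStatus -eq 'Off') {
            $state = 'Suspended'           # encrypted, but protectors are not enforced
        } else {
            $state = 'Unknown'             # e.g. a locked data volume
        }

        [pscustomobject]@{
            MountPoint  = $Volume.MountPoint
            State       = $state
            NeedsReview = ($state -ne 'Protected')
        }
    }
}

# Constructed sample input so the logic can be exercised on any machine.
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'Off' }
    [pscustomobject]@{ MountPoint = 'D:'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'On' }
    [pscustomobject]@{ MountPoint = 'E:'; VolumeStatus = 'FullyDecrypted'; ProtectionStatus = 'Off' }
)
$sample | Get-BitLockerExposure | Format-Table -AutoSize

# On a real Windows machine (elevated session), audit the live volumes instead.
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    Get-BitLockerVolume -ErrorAction SilentlyContinue |
        Get-BitLockerExposure |
        Where-Object NeedsReview
}
```

A `Suspended` result on the operating system drive while an upgrade is pending or running marks the period in which the machine should stay under physical control.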

Mark Coppock