Skip to main content
  1. Home
  2. Computing
  3. News

Microsoft seeking fix after vulnerability found in Windows 10 security feature

Mark Coppock
By

windows 10 feature update turns off bitlocker creating exploit mail
Anton Watman/Shutterstock
One of Windows’ most important security features is BitLocker support, which has provided full-disk encryption since Windows Vista first rolled out. Coupled with a compatible Trusted Platform Module, which is now required for new Windows 10 machines, BitLocker theoretically provides solid protection for a Windows machine that’s lost or stolen.

However, any security feature is only as good as the entire system that surrounds it, and any weak link can present a vulnerability that renders it less than secure. For Windows 10, the weak link involves the fact that the operating system turns off Bitlocker during Feature Updates, aka upgrades, creating a potential exploit, as the official Win-Fu blog reports.

Recommended Videos

According to Windows trainer and MVP Sami Laiho, the vulnerability occurs due to the ability to hit SHIFT+F10 during the reimaging process performed during a Feature Update and access the command prompt. This result in access by the non-admin account that’s in use during the update to the root SYSTEM folder and to all of the contents of the non-BitLocker-protected hard drive.

Related

The following video provides an overview of the process:

Win Fu Official Blog Every Windows 10 in place Upgrade is a SEVERE Security risk

According to The Register, security experts further maintain that anyone with physical access to the machine could exploit the bug to access the BitLocker encryption keys. Fortunately, Microsoft is working on fixing the bug, which affects all relevant versions of Windows 10 including the production versions 1511 (November Update) and 1607 (Anniversary Update), as well as newer Windows Insider builds.

The bug does require physical access to the Windows 10 machine, but once that’s accomplished, for example via theft or by an internal employee, then the bug allows admin access to the system once an upgrade is kicked off. Until Microsoft issues a fix, Laiho recommends disallowing unattended upgrades and using the Long-term Servicing Branch version of Windows 10. That’s not much help to nonenterprise Windows 10 users, however, and so maintaining physical control over a Windows 10 machine becomes that much more important.

Editors' Recommendations

Topics
Mark Coppock
Mark Coppock
Computing Writer
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
Top 10 Windows shortcuts everyone should know
An individual using a laptop's keyboard.

Windows shortcuts are a constantly-used feature by practically all PC users. Apart from saving you time from carrying out the specific command without having to perform a few extra clicks on your mouse, it’s simply more convenient to refer back to shortcuts via your keyboard.

Although you may be satisfied with the Windows shortcuts you already know about and utilize on a daily basis, you can enhance your general Windows experience in a big way with these 10 shortcuts everyone should know.
Ctrl + Z
Tired of always having to use your mouse to find and click the Undo button on a program like Microsoft Word or, say, entering details on a website or editing images? Ctrl + Z will basically undo whatever your last action was, providing you a convenient way to reverse edits and changes within a second. From personal experience, this shortcut proved to be especially useful for productivity applications.
Ctrl + Shift + T
We’ve all been there. Nowadays, our browsers are inundated with multiple tabs, and as such, it’s hard to keep track of at times. Eventually, you’re going to close a tab on accident when trying to select it. Instead of trying to remember what it was or spending a few seconds accessing it and reopening it via the Recently Closed feature (on Chrome), simply hit Ctrl + Shift + T to restore the last closed tab. Similarly, Ctrl + N will open a new tab.
Alt + Tab

Read more
After 10 years of headaches, I’m finally a believer in Windows on ARM
The Microsoft Surface 3 with its blue keyboard.

Almost two years in, Apple is on the verge of completing its transition to ARM. It might surprise you to know, then, that Microsoft started its own journey to ARM chips long before Apple.

But Windows' support for ARM has been far less smooth. There aren't many more Windows devices with ARM chips than there were five years ago -- and I can attest to having personally used every failed attempt along the way.

Read more
The latest Windows update is causing major printer problems
A Dell laptop with Windows 10 sitting on a desk.

Microsoft is now offering Windows 10 users a workaround for an issue that has come along with a mid-July update.

The KB5015807 update, which rolled out on July 12 and includes OS Builds 19042.1826, 19043.1826, and 19044.1826 all have a glitch that affects printers connected to computers running Windows 10. After the update is installed, you might see multiple printer listings available when you only have one product.

Read more