Microsoft seeking fix after vulnerability found in Windows 10 security feature

windows 10 feature update turns off bitlocker creating exploit mail
Anton Watman/Shutterstock
One of Windows’ most important security features is BitLocker support, which has provided full-disk encryption since Windows Vista first rolled out. Coupled with a compatible Trusted Platform Module, which is now required for new Windows 10 machines, BitLocker theoretically provides solid protection for a Windows machine that’s lost or stolen.

However, any security feature is only as good as the entire system that surrounds it, and any weak link can present a vulnerability that renders it less than secure. For Windows 10, the weak link involves the fact that the operating system turns off Bitlocker during Feature Updates, aka upgrades, creating a potential exploit, as the official Win-Fu blog reports.

According to Windows trainer and MVP Sami Laiho, the vulnerability occurs due to the ability to hit SHIFT+F10 during the reimaging process performed during a Feature Update and access the command prompt. This result in access by the non-admin account that’s in use during the update to the root SYSTEM folder and to all of the contents of the non-BitLocker-protected hard drive.

The following video provides an overview of the process:

According to The Register, security experts further maintain that anyone with physical access to the machine could exploit the bug to access the BitLocker encryption keys. Fortunately, Microsoft is working on fixing the bug, which affects all relevant versions of Windows 10 including the production versions 1511 (November Update) and 1607 (Anniversary Update), as well as newer Windows Insider builds.

The bug does require physical access to the Windows 10 machine, but once that’s accomplished, for example via theft or by an internal employee, then the bug allows admin access to the system once an upgrade is kicked off. Until Microsoft issues a fix, Laiho recommends disallowing unattended upgrades and using the Long-term Servicing Branch version of Windows 10. That’s not much help to nonenterprise Windows 10 users, however, and so maintaining physical control over a Windows 10 machine becomes that much more important.

Computing

Windows 10 user activity logs are sent to Microsoft despite users opting out

Windows 10 Privacy settings may not be enough to stop PCs from releasing user activity data to Microsoft. Users discovered that opting out of having their data sent to Microsoft does little to prevent it from being released.
Computing

Here's why 64-bit (not 32-bit) dominates modern computing

Today's computing world isn't the same as it once was. With 64-bit processors and operating systems replacing the older 32-bit designs, we look at what 32-bit vs. 64-bit really means for you.
Gaming

How do Nintendo Switch, Xbox One X compare to each other? We find out

The Nintendo Switch is innovative enough to stand apart from traditional consoles, but could it become your primary gaming system? How does the Switch stack up against the Xbox One?
Mobile

Apple's iOS 12.1.1 makes it easier to switch cameras in FaceTime

After months of betas, the final version of iOS 12 is here to download. The latest OS comes along with tons of new capabilities, from grouped notifications to Siri Shortcuts. Here are all the features you'll find in iOS 12.
Computing

Why limit yourself to one OS? Try one of these great virtual machine apps

Buying a new computer just because you want to utilize another operating system isn't necessary. Just use the best virtual machine applications to emulate one OS inside another, no matter what your platform or budget is.
Computing

Intel's discrete graphics will be called 'Xe,' IGP gets Adapative Sync next year

Intel has officially dubbed its discrete graphics product Intel Xe, and the company also provided details about its Gen11 IGP. The latter will include adaptive sync support and will arrive in 2019.
Computing

Intel answers Qualcomm's new PC processors by pairing Core and Atom in 'Foveros'

Intel has announced a new packaging technology called 'Foveros' that makes it easier for the company to place multiple chips together on one package. That includes chips based on different Intel architectures, like Core and Atom.
Computing

Razer’s classic DeathAdder Elite gaming mouse drops to $40 on Amazon

If you're looking to pick up a new gaming mouse for the holidays, Amazon has you covered with this great deal on the classic Razer DeathAdder Elite gaming mouse with customizable buttons, RGB lighting, and a 16,000 DPI optical sensor.
Computing

Intel's dedicated GPU is not far off -- here's what we know

Did you hear? Intel is working on a dedicated graphics card. It's called Arctic Sound and though we don't know a lot about it, we know that Intel has some ex-AMD Radeon graphics engineers developing it.
Computing

Firefox 64 helps keep your numerous tabs under control

Mozilla officially launched Firefox 64 by placing new features into the laps of its users including new tab management abilities, intelligent suggestions, and a task manager for keeping Firefox's power consumption under control.
Computing

Here's our guide to how to charge your laptop using a USB-C cable

Charging via USB-C is a great way to power up your laptop. It only takes one cable and you can use the same one for data as well as power -- perfect for new devices with limited port options.
Computing

Apple MacBook Air vs. Microsoft Surface Pro 6

The MacBook Air was updated with more contemporary components and a more modern design, but is that enough to compete with standouts like Microsoft's Surface Pro 6 detachable tablet?
Computing

Installing fonts in Windows 10 is quick and easy -- just follow these steps

Want to know how to install fonts in Windows 10? Here's our guide on two easy ways to get the job done, no matter how many you want to add to your existing catalog, plus instructions for deleting fonts.
Computing

Email take-backsies! Gmail's unsend feature is one of its best

Everyone has sent a message they wish they could take back. How great would it be if you could undo that impulsive email? If you're a Gmail user, you can. Here's how to recall an email in Gmail.