Skip to main content
  1. Home
  2. Computing
  3. News

Microsoft seeking fix after vulnerability found in Windows 10 security feature

By

windows 10 feature update turns off bitlocker creating exploit mail
Anton Watman/Shutterstock
One of Windows’ most important security features is BitLocker support, which has provided full-disk encryption since Windows Vista first rolled out. Coupled with a compatible Trusted Platform Module, which is now required for new Windows 10 machines, BitLocker theoretically provides solid protection for a Windows machine that’s lost or stolen.

However, any security feature is only as good as the entire system that surrounds it, and any weak link can present a vulnerability that renders it less than secure. For Windows 10, the weak link involves the fact that the operating system turns off Bitlocker during Feature Updates, aka upgrades, creating a potential exploit, as the official Win-Fu blog reports.

Recommended Videos

According to Windows trainer and MVP Sami Laiho, the vulnerability occurs due to the ability to hit SHIFT+F10 during the reimaging process performed during a Feature Update and access the command prompt. This result in access by the non-admin account that’s in use during the update to the root SYSTEM folder and to all of the contents of the non-BitLocker-protected hard drive.

Related

The following video provides an overview of the process:

Win Fu Official Blog Every Windows 10 in place Upgrade is a SEVERE Security risk

According to The Register, security experts further maintain that anyone with physical access to the machine could exploit the bug to access the BitLocker encryption keys. Fortunately, Microsoft is working on fixing the bug, which affects all relevant versions of Windows 10 including the production versions 1511 (November Update) and 1607 (Anniversary Update), as well as newer Windows Insider builds.

The bug does require physical access to the Windows 10 machine, but once that’s accomplished, for example via theft or by an internal employee, then the bug allows admin access to the system once an upgrade is kicked off. Until Microsoft issues a fix, Laiho recommends disallowing unattended upgrades and using the Long-term Servicing Branch version of Windows 10. That’s not much help to nonenterprise Windows 10 users, however, and so maintaining physical control over a Windows 10 machine becomes that much more important.

Editors' Recommendations

Topics
Mark Coppock
Mark Coppock
Computing Writer
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
Update Windows now — Microsoft just fixed several dangerous exploits
Person sitting and using an HP computer with Windows 11.

Microsoft has just released a new patch, and this time around, the update comes with fixes for several dangerous and actively abused vulnerabilities and exploits in Windows.

A total of 68 vulnerabilities were addressed in the patch, many of them critical. Here's what was fixed and how to make sure your Windows device is up to date.

Read more
Microsoft says disabling these two Windows 11 features will boost gaming performance
An Alienware + Windows 11 PC gaming setup.

Two settings in Windows 11 may affect gaming performance, says Microsoft. These settings are enabled by default.

Microsoft has made it possible for you to disable these options, but there are also reasons why you might want to keep them on. However, if your computer's performance in games is less than stellar, they might be worth checking out.

Read more
Top 10 Windows shortcuts everyone should know
An individual using a laptop's keyboard.

Windows shortcuts are a constantly-used feature by practically all PC users. Apart from saving you time from carrying out the specific command without having to perform a few extra clicks on your mouse, it’s simply more convenient to refer back to shortcuts via your keyboard.

Although you may be satisfied with the Windows shortcuts you already know about and utilize on a daily basis, you can enhance your general Windows experience in a big way with these 10 shortcuts everyone should know.
Ctrl + Z
Tired of always having to use your mouse to find and click the Undo button on a program like Microsoft Word or, say, entering details on a website or editing images? Ctrl + Z will basically undo whatever your last action was, providing you a convenient way to reverse edits and changes within a second. From personal experience, this shortcut proved to be especially useful for productivity applications.
Ctrl + Shift + T
We’ve all been there. Nowadays, our browsers are inundated with multiple tabs, and as such, it’s hard to keep track of at times. Eventually, you’re going to close a tab on accident when trying to select it. Instead of trying to remember what it was or spending a few seconds accessing it and reopening it via the Recently Closed feature (on Chrome), simply hit Ctrl + Shift + T to restore the last closed tab. Similarly, Ctrl + N will open a new tab.
Alt + Tab

Read more