A bug has been discovered in the way Windows 10 handles a Feature Update -- the installation of a new build of the operating system. By taking advantage of the bug, it is possible to access a Command Prompt and gain unrestricted access to the contents of the hard drive.
The reason for this is that BitLocker is disabled during the update process, as security expert Sami Laiho points out. He reveals that exploiting the bug takes nothing more than pressing Shift + F10 during the upgrade and you can then access the Command Prompt in the Windows PE (Preinstallation Environment) used during the upgrade.
While exploiting the bug -- which, we are assured, Microsoft is 'working on' -- does require access to a computer, it is still a concern. Laiho says:
The real issue here is the Elevation of Privilege that takes a non-admin to SYSTEM (the root of Windows) even on a BitLocker (Microsoft's hard disk encryption) protected machine. And of course that this doesn't require any external hardware or additional software.So what can you do to keep your computer secure? Well, until a fix is released for the problem, there are limits to the protective steps you can take, but Laiho offers the following advice:
- Don't allow unattended upgrades
- Keep very tight watch on the Insiders
- Stick to LTSB version of Windows 10 for now
~ Mark Wilson
0 comments:
Post a Comment