Slashdot Mirror


Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker (bleepingcomputer.com)

An anonymous reader quotes a report from BleepingComputer: Windows security expert and infrastructure trainer Sami Laiho says that by holding SHIFT + F10 while a Windows 10 computer is installing a new OS build, an attacker can open a command-line interface with SYSTEM privileges. This CLI debugging interface also grants the attacker full access to the computer's hard drive data, despite the presence of BitLocker. The CLI debugging interface is present when updating to new Windows 10 and Windows 10 Insiders builds. The most obvious exploitation scenario is when a user leaves his computer unattended during the update procedure. A malicious insider can open the CLI debugger and perform malicious operations under a root user, despite BitLocker's presence. But there are other scenarios where Laiho's SHIFT + F10 trick can come in handy. For example when police have seized computers from users who deployed BitLocker or when someone steals your laptop. Windows 10 defaults help police/thieves in this case because these defaults forcibly update computers, even if the user hasn't logged on for weeks or months. This CLI debugging interface grants the attacker full access to the computer's hard drive, despite the presence of BitLocker. The reason is that during the Windows 10 update procedure, the OS disables BitLocker while the Windows PE (Preinstallation Environment) installs a new image of the main Windows 10 operating system. "This [update procedure] has a feature for troubleshooting that allows you to press SHIFT + F10 to get a Command Prompt," Laiho writes on his blog. "The real issue here is the Elevation of Privilege that takes a non-admin to SYSTEM (the root of Windows) even on a BitLocker (Microsoft's hard disk encryption) protected machine." Laiho informed Microsoft of the issue and the company is apparently working on a fix.

5 of 138 comments

  1. Re:Publicity before giving MS a chance to fix it? by fibonacci8 · Score: 3, Insightful

    Or if an exploit exists in the wild, giving fair warning to end users so they can attempt to do something about it.

    --
    Inheritance is the sincerest form of nepotism.
  2. Is this surprising? by Excelcia · Score: 5, Insightful

    Is this really surprising? From the company that just made accepting every update they want to push mandatory? I didn't trust Microsoft before they did that, now it's just blatant in your face "we own your computer". The fact that anyone trusts BitLocker is what astounds me.

    Your Windows 10 friends are:
    1) Windows Update Mini Tool. Gives you back control of your windows update experience.
    2) Windows updates details. A spreadsheet maintained with every patch and what it does. Microsoft gets more and more evasive with their explanations of what their patches do, this is a good site for info. And, for heaven's sake, please please please get...
    3) VeraCrypt. Based on TrueCrypt 7.1, development was continued by the community. Security audits have been done on this code base and, while no non-trivial software can ever be proven completely safe, I trust this software far more than BitLocker (which I actively distrust).

    My Windows 7 laptop was safe from the whole Windows 10 upgrade debacle and the "we are going to upgrade your OS unless you happen to catch this message in time and say no" nagware because I carefully and meticulously have always gone over every windows update that goes on my computer. It was with literal astonishment that I learned that update is mandatory in Windows 10. I can't believe people stand for it. I've managed to work around it, but that was really the last straw for me. I have finally migrated mostly to Linux. I have used it for my servers and personal cloud services since the days of SLS but never really adopted for my desktop. I kept it for stuff I couldn't do in Windows. Now I've reversed that, using Linux for everything I can and only using Windows for gaming or software I absolutely can't do in Linux.

  3. Re:Bwahahaha... by GNU(slash)Nickname · Score: 4, Insightful

    Just who is going to be at the keyboard during this vulnerability? The PC owner.

    No, the person with physical possession of the PC, which could be the person who stole it. Many computers are worth far less than the data they contain.

  4. Re:Well what did you expect? by BitterOak · Score: 5, Insightful

    Shift-F10 has existed for lots of years now. Requires physical access. Windows build updates require to decrypt the drive.

    "Requires physical access"???? The WHOLE POINT of hard disk encryption is to protect you in the event someone gains physical access to your computer! (Assuming you're not logged in at the time, of course!)

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
  5. Re:Well what did you expect? by Skuld-Chan · Score: 3, Insightful

    Not to mention most corporations won't be upgrading machines without using management software. This is such a non story.