Slashdot Mirror

← Back to Stories (view on slashdot.org)

Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker (bleepingcomputer.com)

Posted by BeauHD on from the don't-leave-your-computer-unattended dept.

An anonymous reader quotes a report from BleepingComputer: Windows security expert and infrastructure trainer Sami Laiho says that by holding SHIFT + F10 while a Windows 10 computer is installing a new OS build, an attacker can open a command-line interface with SYSTEM privileges. This CLI debugging interface also grants the attacker full access to the computer's hard drive data, despite the presence of BitLocker. The CLI debugging interface is present when updating to new Windows 10 and Windows 10 Insiders builds. The most obvious exploitation scenario is when a user leaves his computer unattended during the update procedure. A malicious insider can open the CLI debugger and perform malicious operations under a root user, despite BitLocker's presence. But there are other scenarios where Laiho's SHIFT + F10 trick can come in handy. For example when police have seized computers from users who deployed BitLocker or when someone steals your laptop. Windows 10 defaults help police/thieves in this case because these defaults forcibly update computers, even if the user hasn't logged on for weeks or months. This CLI debugging interface grants the attacker full access to the computer's hard drive, despite the presence of BitLocker. The reason is that during the Windows 10 update procedure, the OS disables BitLocker while the Windows PE (Preinstallation Environment) installs a new image of the main Windows 10 operating system. "This [update procedure] has a feature for troubleshooting that allows you to press SHIFT + F10 to get a Command Prompt," Laiho writes on his blog. "The real issue here is the Elevation of Privilege that takes a non-admin to SYSTEM (the root of Windows) even on a BitLocker (Microsoft's hard disk encryption) protected machine." Laiho informed Microsoft of the issue and the company is apparently working on a fix.

9 of 138 comments (clear)

  1. As a Microsoft fanboi, glad to see this by Anonymous Coward · · Score: 5, Funny

    Microsoft is finally backing away from their focus on privacy invasion in Win10 and going back to concentrate on their core competency, lack of security.

    I was really starting to get worried. Whew.

  2. Re: Something Smells Fishy by Billly+Gates · · Score: 4, Informative

    The reason why is the key is stored on the TPM chip. NTFS.sys can simply use it as a layer in it's I/O stack when filling it's read/write buffers.

    --
    http://saveie6.com/
  3. Re: Only the lazy and terminally lame dont know? by sexconker · · Score: 4, Informative

    BitLocker can be used without TPM. You can supply your key via a USB drive or even use a keyboard to put in the 48-digit recovery key.

  4. Is this surprising? by Excelcia · · Score: 5, Insightful

    Is this really surprising? From the company that just made accepting every update they want to push mandatory? I didn't trust Microsoft before they did that, now it's just blatant in your face "we own your computer". The fact that anyone trusts BitLocker is what astounds me.

    Your Windows 10 friends are:
    1) Windows Update Mini Tool. Gives you back control of your windows update experience.
    2) Windows updates details. A spreadsheet maintained with every patch and what it does. Microsoft gets more and more evasive with their explanations of what their patches do, this is a good site for info. And, for heaven's sake, please please please get...
    3) VeraCrypt. Based on TrueCrypt 7.1, development was continued by the community. Security audits have been done on this code base and, while no non-trivial software can ever be proven completely safe, I trust this software far more than BitLocker (which I actively distrust).

    My Windows 7 laptop was safe from the whole Windows 10 upgrade debacle and the "we are going to upgrade your OS unless you happen to catch this message in time and say no" nagware because I carefully and meticulously have always gone over every windows update that goes on my computer. It was with literal astonishment that I learned that update is mandatory in Windows 10. I can't believe people stand for it. I've managed to work around it, but that was really the last straw for me. I have finally migrated mostly to Linux. I have used it for my servers and personal cloud services since the days of SLS but never really adopted for my desktop. I kept it for stuff I couldn't do in Windows. Now I've reversed that, using Linux for everything I can and only using Windows for gaming or software I absolutely can't do in Linux.

  5. Are you doing it (BitLocker) right? by Nkwe · · Score: 4, Informative

    If you are doing BitLocker correctly, you have to type in a password every time you boot the computer. If you are doing is really right, that password is only a PIN used to unlock the actual encryption key stored in a Trusted Platform Module (hardware protected crypto storage device). This means that although a computer may update itself automatically if it gets powered up by an adversary, thus opening an opportunity for the diagnostic shell to have access to a temporarily disabled BitLocker, this could only happen if the adversary knows (or can coerce) the BitLocker password from you. While some may believe that there is a backdoor to BitLocker, this particular diagnostic window is not it because it should never be accessible by an adversary.

  6. Re:Bwahahaha... by GNU(slash)Nickname · · Score: 4, Insightful

    Just who is going to be at the keyboard during this vulnerability? The PC owner.

    No, the person with physical possession of the PC, which could be the person who stole it. Many computers are worth far less than the data they contain.

  7. Re:Well what did you expect? by BitterOak · · Score: 5, Insightful

    Shift-F10 has existed for lots of years know. Requires physical access. Windows build updates require to decrypt the drive.

    "Requires physical access"???? The WHOLE POINT of hard disk encryption is to protect you in the event someone gains physical access to your computer! (Assuming you're not logged in at the time, of course!)

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
  8. Re:Publicity before giving MS a chance to fix it? by chipschap · · Score: 4, Funny

    shear incompetence or shear malice

    What a cutting remark.

  9. Re:Something Smells Fishy by EndlessNameless · · Score: 4, Informative

    You obviously have no idea how Bitlocker works. It is architecturally similar to many other full-disk encryption packages.

    There is a volume encryption key which is used to encrypt the user data on the disk. This key is generally used with a fast symmetric cipher like AES. Once the initial volume encryption is completed, all reads/writes require the key to encrypt or decrypt the data.

    The volume encryption key is encrypted with the public key or password for each unique user. Thus, each user has his own means of accessing the volume key, which must be the same for everyone. There is an encrypted copy of the volume key on the hard drive for every user. It could be one, or it could a hundred. (In most enterprises, the TPM is also a "user" who can unlock the drive with its key.)

    In this case, the disk can be temporarily "unlocked" if an administrator suspends Bitlocker. When Bitlocker is suspended, the volume encryption key is stored in a cleartext container on disk. That volume will automatically unlock until Bitlocker protection is reenabled, which scrubs the cleartext key.

    Microsoft should require administrator consent before suspending Bitlocker, so this is more of a design flaw than an exploit. Manually suspending Bitlocker does require administrator privileges.

    --

    ---
    According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.