Just Pressing Shift+F10 During Windows 10 Update Makes Your PC Super Easy To Hack


Short Bytes: Security researcher Sami Laiho has found a simple flaw in the Windows 10 update procedure that lets an attacker bypass BitLocker and open an elevated command-line interface. All it takes is holding Shift+F10 during the update process. Laiho advises users not to leave their PCs unattended while an update is running.

By taking advantage of an underlying bug in the new build of Windows 10, an attacker can open an elevated command-line interface in the Windows Preinstallation Environment simply by holding Shift+F10 during the update process.

Because this command-line interface runs with administrative privileges, the attacker can access the computer's hard drive, bypassing BitLocker encryption, a feature that is supposed to add an extra layer of security to your personal files. This is possible because of a troubleshooting feature that opens the interface when the key combination is pressed.

Explaining the bug in his blog post, Laiho writes that BitLocker is suspended while a new build is being deployed. As a result, the TPM and password checks are both bypassed.

The bug affects not only PCs running Insider builds of Windows 10, but also systems updating from the Windows 10 RTM version to the November or Anniversary Update.


This flaw has been present in Windows 7 and 8 versions as well, but it has come into the limelight after Windows 10 in-place upgrades.

The real issue here is the privilege escalation that takes a non-admin user to SYSTEM, even with BitLocker enabled. This becomes scary when an attacker just needs to wait for the next upgrade on an unattended machine.

The simple way to tackle this is to not allow unattended upgrades and to keep a close eye on your PC. Until a fix is offered, one can also choose to stick to the LTSB version of Windows 10 for now.
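An added example, not taken from Laiho's post or from the original article: a PowerShell check that reports volumes holding encrypted data while BitLocker protection is off, which is the suspended state described above. The function name and the sample objects are constructed for illustration; the property names follow the output of the `Get-BitLockerVolume` cmdlet.

```powershell
# Added example: report volumes that hold encrypted data while BitLocker
# protection is off (suspended).
function Get-SuspendedBitLockerVolume {
    [CmdletBinding()]
    param(
        # Objects shaped like the output of Get-BitLockerVolume.
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Volume
    )
    process {
        # Casting to string handles both the cmdlet's enum values and plain strings.
        $status     = [string]$Volume.VolumeStatus
        $protection = [string]$Volume.ProtectionStatus

        # A fully decrypted volume with protection off is unencrypted, not suspended.
        # A volume that is still being decrypted is reported too, since its
        # protection is also off.
        if ($status -ne 'FullyDecrypted' -and $protection -eq 'Off') {
            [pscustomobject]@{
                MountPoint   = $Volume.MountPoint
                VolumeStatus = $status
                Protectors   = ($Volume.KeyProtector.KeyProtectorType -join ', ')
            }
        }
    }
}

# Constructed sample data so the check runs without BitLocker or elevation.
$sample = @(
    [pscustomobject]@{
        MountPoint = 'C:'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'Off'
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'Tpm' })
    }
    [pscustomobject]@{
        MountPoint = 'D:'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'On'
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' })
    }
    [pscustomobject]@{
        MountPoint = 'E:'; VolumeStatus = 'FullyDecrypted'; ProtectionStatus = 'Off'
        KeyProtector = @()
    }
)

# Only C: is reported: encrypted, but with protection off.
$sample | Get-SuspendedBitLockerVolume | Format-Table -AutoSize

# Live use, from an elevated prompt:
#   Get-BitLockerVolume | Get-SuspendedBitLockerVolume
```

Run before and after an upgrade window, the check shows whether a volume has been left with its protectors suspended.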

You can read more about how the flaw is exploited, and watch a video of it, on Laiho's blog.


Adarsh Verma


Fossbytes co-founder and an aspiring entrepreneur who keeps a close eye on open source, tech giants, and security.