Short Bytes: A security researcher named Sami Laiho has found a simple flaw in the Windows 10 update procedure that can let a hacker bypass BitLocker and access elevated Command Line. To do so, one needs to hold Shift+F10 during the update process. Laiho advises the users to avoid leaving their PCs unattended during the update process.By taking the advantage of an underlying bug in the new build of Windows 10, an attacker can access an elevated Command Line interface in the Windows Preinstallation Environment by simply holding Shift+F10 during the update process.
As the Command Line interface grants the administrative privileges, the hacker can access the computer’s hard drive by automatically bypassing BitLocker encryption–a feature that’s supposed to add an extra layer of security to your personal files.. This is possible due to a troubleshooting feature that lets one press the key combination to open the interface.
Explaining the bug, in his blog post, security researcher Sami Laiho writes that when a new build is being deployed, BitLocker is suspended. Thus, the TPM and password checks are both bypassed.
This bug not only affects the PCs running insider builds of Windows 10, but also the systems updating from Windows 10 RTM version to November or Anniversary update.
This flaw has been present in Windows 7 and 8 versions as well, but it has come into the limelight after Windows 10 in-place upgrades.
Here, the real issue is the privilege escalation that takes a non-admin to system, even with BitLocker enabled. This becomes scary when an attacker just needs to wait for the next upgrade on an unattended machine.
To tackle this situation, there is a simple solution that tells you to don’t allow unattended upgrades and keep a close eye on your PC. Until a fix is offered, one can also choose to stick to LTSB version of Windows 10 for now.
You can read more about the flaw exploitation and watch its video on Laiho’s blog.