Another major flaw (Why can't Microsoft do anything right?)

MrFreeman
Posts: 341
Joined: Fri May 09, 2014 12:22 am
Location: USA

Another major flaw (Why can't Microsoft do anything right?)

Post by MrFreeman »

So another major security flaw with Windows 10 has just been revealed. http://www.ghacks.net/2016/11/30/bitloc ... -upgrades/

Now Bitlocker has always been a joke, but this just makes it worse:
Martin Brinkmann wrote:
> A security researcher discovered a new issue in Microsoft's Windows 10 operating system that allows attackers to gain access to BitLocker encrypted data.
>
> A post on the Win-Fu blog highlights the method. Basically, what the method does is exploit a troubleshooting feature that is enabled during the upgrade process.
>
> There is a small but CRAZY bug in the way the "Feature Update" (previously known as "Upgrade") is installed. The installation of a new build is done by reimaging the machine and the image installed by a small version of Windows called Windows PE (Preinstallation Environment).
>
> This has a feature for troubleshooting that allows you to press SHIFT+F10 to get a Command Prompt. This sadly allows for access to the hard disk as during the upgrade Microsoft disables BitLocker.
>
> If you press Shift-F10, you open a command prompt window which lets you access the storage devices of the operating system.
>
> Since BitLocker protection is disabled during upgrades, it means that anyone exploiting the issue gets access to all files that are usually encrypted by BitLocker.

Microsoft advertises that Windows 10 is the most secure version of Windows, but yet it is disproven time and time again. In my opinion if you must use Windows 10, just use Veracrypt instead to encrypt your drive. What do you guys think about this?

mrpijey
Administrator
Posts: 9193
Joined: Tue Feb 12, 2008 5:28 pm

Re: Another major flaw (Why can't Microsoft do anything righ

Post by mrpijey »

I've tried this on my machine (which uses Bitlocker on all drives), and it didn't work.

The Distractor

Re: Another major flaw (Why can't Microsoft do anything righ

Post by The Distractor »

Shift+F10 in setup and upgrade is actually *documented*.

I actually use it every build upgrade to tail -f setupact.log (giving me extra info on update progress).

MrFreeman
Posts: 341
Joined: Fri May 09, 2014 12:22 am
Location: USA

Re: Another major flaw (Why can't Microsoft do anything righ

Post by MrFreeman »

The Distractor wrote:
> Shift+F10 in setup and upgrade is actually *documented*.
>
> I actually use it every build upgrade to tail -f setupact.log (giving me extra info on update progress).

Isn't "tail" a bash command? How would that work within the WinPE environment? I didn't think it would support WSL.

Goldfish64
Donator
Posts: 491
Joined: Mon Feb 02, 2015 6:20 pm
Location: USA

Re: Another major flaw (Why can't Microsoft do anything righ

Post by Goldfish64 »

Both Shift+F10 and the fact that BitLocker is suspended during OS upgrades are well known. Been that way since Vista.

The Distractor

Re: Another major flaw (Why can't Microsoft do anything righ

Post by The Distractor »

MrFreeman wrote:
> The Distractor wrote:
> > Shift+F10 in setup and upgrade is actually *documented*.
> >
> > I actually use it every build upgrade to tail -f setupact.log (giving me extra info on update progress).
>
> Isn't "tail" a bash command? How would that work within the WinPE environment? I didn't think it would support WSL.

Not using WSL, but tail.exe as provided by mingw/msys.

veovis
Posts: 3
Joined: Wed Sep 14, 2016 2:50 pm

Re: Another major flaw (Why can't Microsoft do anything righ

Post by veovis »

The Distractor wrote:
> Shift+F10 in setup and upgrade is actually *documented*.
>
> I actually use it every build upgrade to tail -f setupact.log (giving me extra info on update progress).

Same here, especially when troubleshooting deployments done via SCCM. When troubleshooting a failed SCCM deployment, often the only way to get to the logs to see what failed is to use Shift+F10 and either view them on the machine or copy them to external media, because SCCM writes logs to a RAM drive.

I have also used it to troubleshoot issues on home PCs from the PE environment. This "security exploit" requires local console access and can't be performed remotely (at least not without some form of remote management, or network-based KVM).

In general it has always been recommended security practice to not leave machines unattended during an OS install or upgrade if the machine contains sensitive data or is not in a secure location. It is well documented that BitLocker encryption has to be temporarily disabled during OS install or upgrade operations, and that applies to all versions of Windows that support BitLocker - including versions of Windows Server, not just Windows 10.
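
Added example, not part of any post in this thread: a PowerShell check an administrator could run after a feature update to confirm that BitLocker protection, which the posts above describe as suspended during upgrades, is active again. It assumes an elevated session with the built-in BitLocker module; the function name Get-SuspendedBitLockerVolume is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Lists volumes that still hold encrypted
# data but whose BitLocker protection is off, which is the state the thread
# describes during an OS upgrade. The function name is hypothetical.

function Get-SuspendedBitLockerVolume {
    [CmdletBinding()]
    param()

    Get-BitLockerVolume |
        Where-Object {
            # Encrypted (or partly encrypted) data, but protection not enforced.
            $_.VolumeStatus -ne 'FullyDecrypted' -and
            $_.ProtectionStatus -eq 'Off'
        } |
        ForEach-Object {
            [pscustomobject]@{
                MountPoint       = $_.MountPoint
                VolumeStatus     = $_.VolumeStatus
                ProtectionStatus = $_.ProtectionStatus
                KeyProtectors    = ($_.KeyProtector.KeyProtectorType -join ', ')
            }
        }
}

$suspended = @(Get-SuspendedBitLockerVolume)

if ($suspended.Count -eq 0) {
    Write-Output 'BitLocker protection is on for every encrypted volume.'
}
else {
    Write-Warning 'BitLocker protection is off on the following volumes:'
    $suspended | Format-Table -AutoSize

    # To re-enable protection once the upgrade has finished, uncomment:
    # $suspended | ForEach-Object { Resume-BitLocker -MountPoint $_.MountPoint }

    exit 1   # non-zero exit so a deployment task sequence can flag the machine
}
```

Run as a post-upgrade step, the non-zero exit code lets a deployment tool report machines that were left with protection off.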
