Security News Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker

D

Dirk41

Level 17
Thread author
Verified
Top Poster
Well-known
Mar 17, 2016
797
Windows security expert and infrastructure trainer Sami Laiho has discovered a simple method of bypassing BitLocker during the Windows 10 update procedure.

Laiho says that by holding SHIFT + F10 while a Windows 10 computer is installing a new OS build, an attacker can open a command-line interface with SYSTEM privileges.

SHIFT + F10 for the win!!!
This CLI debugging interface grants the attacker full access to the computer's hard drive, despite the presence of BitLocker.

The reason is that during the Windows 10 update procedure, the OS disables BitLocker while the Windows PE (Preinstallation Environment) installs a new image of the main Windows 10 operating system.

"This [update procedure] has a feature for troubleshooting that allows you to press SHIFT+F10 to get a Command Prompt," Laiho writes on his blog. "The real issue here is the Elevation of Privilege that takes a non-admin to SYSTEM (the root of Windows) even on a BitLocker (Microsoft's hard disk encryption) protected machine."


Full article with countermeasures: Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker
 
Last edited by a moderator:
  • Like
Reactions: Deleted member 2913, tim one, ravi prakash saini and 8 others
DardiM

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
Thanks for the share :)

In a lot of situations (not one where the person is afk) :
- it is better to have a partition with the system, and near, some other partitions with important data under BitLocker.
(even if using an app on c: , working files => partition(s) using BitLocker)
 
Last edited:
  • Like
Reactions: Deleted member 2913, Dirk41, tim one and 6 others
_CyberGhosT_

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
DardiM said:
Thanks for the share :)

In a lot of situations (not one where the person is afk) :
- it is better to have a partition with the system, and near, some other partitions with important data under BitLocker.
(even if using an app on c: , working files => partition(s) using BitLocker)
Click to expand...
Right, and the chance of doing this remotely is way slim.
You would have to be there in real time. A serious oversight by MS for sure,
but not one I'm concerned about.
 
  • Like
Reactions: safe1st, DardiM, Deleted member 2913 and 2 others
You must log in or register to reply here.

Similar threads

nicolaasjan
    • Hundred Points
    • Applause
    • Like
Block Windows 11 from encrypting drives during installation
Replies
3
Views
582
Windows 11
nicolaasjan
nicolaasjan
vtqhtr413
    • Like
    • +Reputation
Bypassing Bitlocker, Security Engineer shows us How
Replies
4
Views
1,578
News Archive
wat0114
wat0114
Gandalf_The_Grey
    • Like
Malware News Malware locks browser in kiosk mode to steal Google credentials
Replies
0
Views
1,496
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top