Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker

Dirk41

Windows security expert and infrastructure trainer Sami Laiho has discovered a simple method of bypassing BitLocker during the Windows 10 update procedure.

Laiho says that by holding SHIFT + F10 while a Windows 10 computer is installing a new OS build, an attacker can open a command-line interface with SYSTEM privileges.

SHIFT + F10 for the win!!!
This CLI debugging interface grants the attacker full access to the computer's hard drive, despite the presence of BitLocker.

The reason is that during the Windows 10 update procedure, the OS disables BitLocker while the Windows PE (Preinstallation Environment) installs a new image of the main Windows 10 operating system.

"This [update procedure] has a feature for troubleshooting that allows you to press SHIFT+F10 to get a Command Prompt," Laiho writes on his blog. "The real issue here is the Elevation of Privilege that takes a non-admin to SYSTEM (the root of Windows) even on a BitLocker (Microsoft's hard disk encryption) protected machine."


Full article with countermeasures: Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker
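How the state described above (a volume that is still encrypted but has BitLocker protection switched off) looks to an administrator, as an added example that is not part of the original post or the linked article. The property names match the objects returned by `Get-BitLockerVolume`; the function name `Get-BitLockerExposure` and the sample volumes are assumptions made for illustration.

```powershell
# Added example: classify volumes by whether BitLocker protection is enforced.
# Get-BitLockerExposure is a hypothetical helper name, not a built-in cmdlet.
function Get-BitLockerExposure {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Volume
    )
    process {
        # Cast to string so both enum values and plain strings compare the same way.
        $vs = [string]$Volume.VolumeStatus
        $ps = [string]$Volume.ProtectionStatus

        $state = if ($ps -eq 'On') {
            'Protected'
        } elseif ($vs -eq 'FullyDecrypted') {
            'Unencrypted'
        } elseif ($vs -eq 'FullyEncrypted' -and $ps -eq 'Off') {
            # Data is encrypted on disk, but protection is off, so the volume
            # opens without the TPM, PIN or recovery key.
            'Suspended'
        } else {
            'Other'   # conversion in progress or status unknown
        }

        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            State      = $state
            AtRisk     = $state -ne 'Protected'
        }
    }
}

# Constructed sample input: C: is in the encrypted-but-unprotected state.
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'Off' }
    [pscustomobject]@{ MountPoint = 'D:'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'On' }
    [pscustomobject]@{ MountPoint = 'E:'; VolumeStatus = 'FullyDecrypted'; ProtectionStatus = 'Off' }
)
$sample | Get-BitLockerExposure | Format-Table -AutoSize

# On a live host, from an elevated prompt:
#   Get-BitLockerVolume | Get-BitLockerExposure
```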
 

DardiM

Thanks for the share :)

In a lot of situations (not one where the person is afk) :
- it is better to have a partition with the system, and near, some other partitions with important data under BitLocker.
(even if using an app on c: , working files => partition(s) using BitLocker)
 

_CyberGhosT_

Right, and the chance of doing this remotely is way slim.
You would have to be there in real time. A serious oversight by MS for sure,
but not one I'm concerned about.
 
