Security News The Dangers of the New Windows 10 Update System

[frogboy]

The latest version of the Microsoft OS has become once again a topic of discussion, and this time it may carry bad news for your company’s security. As the cybersecurity expert Sami Laiho revealed on his blog, every Windows 10 update poses a serious risk. Namely, while your system updates, anyone can take control of your corporate computers.

“This is a big issue and it has been there for a long time,” explains Laiho. This serious flaw comes into play when the OS restarts after installing a new update. Once the system is being updated, all you need to do to gain control of it is to push Shift-F10 to access the command prompt with admin level clearance.

In light of this, the dangers that your company faces are multifaceted. Indeed, any employee can take control of their computer as administrator, access confidential documents, or access the corporate network and create a serious problem from within the company itself.

Laiho points out that it is not necessary to use any specific software to carry out this cyberattack. Just that innocent combination of keys is enough to sow chaos. As if that wasn’t enough, the threat is not limited to those who have physical access to the computer: “An external threat having access to a computer waits for it to start an upgrade to get into the system,” explains Laiho.

Full Article. The Dangers of the New Windows 10 Update System

 

[Claw]

Is there ever any good news where Microsoft is concerned ?

 

[Svoll]

Thanks for a great article

This is be penguins favorite part as he loves irony:

Microsoft is apparently working to fix this serious flaw. Meanwhile, the most important thing to prevent threats is to rely on an adequate security solution, and not to postpone Windows 10’s tedious updates.

Update your OS, OS updates has security flaws but update it anyways we are fixing it soon.

 

[Marko :)]

This is the reason why I don't like Windows 10 and why I'm still on Windows 7. Every new update causes problems.

 

[askmark]

What a lot of hoo ha over absolutely nothing. Doesn't really have any real consequences for home users only corporate pc users.

Wowee! I can get a system level cmd prompt by pressing shift+f10 when Windows restarts after a major update.

Snore.

 

[RejZoR]

What a lot of hoo ha over absolutely nothing. Doesn't really have any real consequences for home users only corporate pc users.

Wowee! I can get a system level cmd prompt by pressing shift+f10 when Windows restarts after a major update.

Snore.

If you can bypass all the fancy security with something this trivial, this IS a serious matter.

 

[Azure]

Already mentioned
Security Alert - Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker

 

[askmark]

If you can bypass all the fancy security with something this trivial, this IS a serious matter.

But you have to be sitting at the computer to exploit the flaw. Not very likely to happen to most people, unless im wrong and it's common to find hackers in your home.

 

[RejZoR]

But you have to be sitting at the computer to exploit the flaw. Not very likely to happen to most people, unless im wrong and it's common to find hackers in your home.

Because stealing a computer and then simply waiting for it to do an update to bypass all the security measures is something one can only see in science fiction? I think not...

 

[KGBagent47]

So why not just encrypt sensitive data during the update and then verify the running processes and admin users after the update?

 

[Parsh]

Surprise surprise! Were there not many big news drafts left for headaches that they leave this little terror free?
They say update, while an update can apparently be used to cause havoc before PCs are completely updated.
By the way, can external threats operate like that when Windows has restarted and is updating? Maybe exploiting a loophole in the procedure

 

[Zero Knowledge]

They will fix it next week. Not a major issue unless you lose physical ownership of your box and by that time your toast anyway.

 

[KGBagent47]

They will fix it next week. Not a major issue unless you lose physical ownership of your box and by that time your toast anyway.

Yeah, until then lock your door before you install a Windows update on a personal machine.

 

[jamescv7]

Just that innocent combination of keys is enough to sow chaos. As if that wasn’t enough, the threat is not limited to those who have physical access to the computer: “An external threat having access to a computer waits for it to start an upgrade to get into the system,” explains Laiho.

I've remembered the counterpart vulnerability in Linux where tapping backspace key more than 70 times will bypass the login of the OS.

Anyway that vulnerability should be fix immediately, Microsoft should consider check those pretty and yet common possible attacks,