If your computer's security relies on Windows BitLocker Hard Drive Encryption software, then beware! Anyone with physical access to your PC can still access your files within a few seconds.
All an attacker needs to do is hold SHIFT+F10 during the Windows 10 update procedure.
Security researcher Sami Laiho discovered this simple method of bypassing BitLocker, wherein an attacker can open a command-line interface with System privileges simply by holding SHIFT+F10 while a Windows 10 PC is installing a new OS build.
The command-line interface (CLI) then grants the attacker full access to the computer's hard drive, even when the victim has enabled the BitLocker disk encryption feature.
Laiho explains that during the installation of a new build (Windows 10 upgrade), the operating system disables BitLocker while Windows PE installs a new image of the main Windows 10 OS.
"The installation [Windows 10 upgrade] of a new build is done by reimaging the machine and the image installed by a small version of Windows called Windows PE (Preinstallation Environment)," Laiho says in his blog.
"This has a feature for troubleshooting that allows you to press SHIFT+F10 to get a Command Prompt. This sadly allows for access to the hard disk as during the upgrade Microsoft disables BitLocker."
Windows 10 In-place Upgrades Make this Issue Easy to Exploit
The SHIFT+F10 feature has existed in earlier versions of Windows as well, and could also be used to bypass BitLocker on Windows 7 and 8, but the feature has become a real flaw only with the advent of Windows 10's in-place upgrades.
An attacker needs physical access to the target computer for a relatively short time frame to bypass BitLocker encryption and then gain administrator access to the device, an issue that may also affect Internet of Things (IoT) devices running Windows 10.
Why is this worrying? Most of you have a bad habit of leaving your PC unattended during the Windows OS update procedure, partly because Windows updates take a very long time to install.
During this time, any insider or threat actor (known or unknown to you) can open the CLI debugger interface and perform malicious tasks with administrator privileges, despite BitLocker's presence, and without the need for any additional software.
"The real issue here is the Elevation of Privilege that takes a non-admin to SYSTEM (the root of Windows) even on a BitLocker (Microsoft's hard disk encryption) protected machine," Laiho adds. "And of course that this doesn't require any external hardware or additional software."
During his tests, Laiho successfully brought up the CLI troubleshooting interface while performing an update from Windows 10 RTM to version 1511 (November Update) or version 1607 (Anniversary Update), and during updates to any newer Windows 10 Insiders Build, up to the end of October 2016.
You can also watch the video demonstration of this attack on Laiho's blog.
Laiho informed Microsoft of the issue, and the company is working on a fix.
How to Mitigate this Issue?
As a countermeasure, Laiho recommended that users not leave their PCs unattended during the update procedure.
The Windows security expert also advised users to stay on Windows 10 LTSB (Long Time Servicing Branch) versions for the time being, as the LTSB versions of Windows 10 do not automatically perform upgrades.
Windows 10 users with System Center Configuration Manager (SCCM) can block access to the command-line interface (CLI) during Windows update procedures by adding a file named DisableCMDRequest.tag to the %windir%\Setup\Scripts\ folder.
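A detect-and-remediate script for the DisableCMDRequest.tag mitigation described above, suitable for pushing through a management tool. This is an added example, not code from the article or from Laiho; the function name Set-SetupCmdBlock and its -DetectOnly switch are hypothetical, and it assumes an empty tag file is sufficient.

```powershell
#Requires -RunAsAdministrator
# Added example: checks for (and optionally creates) the DisableCMDRequest.tag
# file named in the article. Function and parameter names are hypothetical.

function Set-SetupCmdBlock {
    [CmdletBinding()]
    param(
        # Report only; do not create the folder or the tag file.
        [switch]$DetectOnly
    )

    $scriptsDir = Join-Path $env:windir 'Setup\Scripts'
    $tagPath    = Join-Path $scriptsDir 'DisableCMDRequest.tag'
    $present    = Test-Path -LiteralPath $tagPath -PathType Leaf

    if (-not $present -and -not $DetectOnly) {
        # The Scripts folder may be missing, so create it first.
        if (-not (Test-Path -LiteralPath $scriptsDir -PathType Container)) {
            New-Item -ItemType Directory -Path $scriptsDir -Force | Out-Null
        }
        # Assumption: the tag's presence, not its content, is what matters,
        # so an empty file is created.
        New-Item -ItemType File -Path $tagPath -Force | Out-Null
        $present = Test-Path -LiteralPath $tagPath -PathType Leaf
    }

    # Report BitLocker state of the OS volume next to the tag status, since
    # the article's concern is the window in which protection is disabled.
    $protection = 'Unknown'
    if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
        if ($vol) { $protection = [string]$vol.ProtectionStatus }
    }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        TagPath             = $tagPath
        TagPresent          = $present
        BitLockerProtection = $protection
    }
}

# Detection pass: returns the current state without changing the machine.
Set-SetupCmdBlock -DetectOnly
```

Running the function without -DetectOnly creates the tag file; the returned object can be collected centrally to find machines where TagPresent is still false.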