
Microsoft seeking fix after vulnerability found in Windows 10 security feature

One of Windows’ most important security features is BitLocker support, which has provided full-disk encryption since Windows Vista first rolled out. Coupled with a compatible Trusted Platform Module, which is now required for new Windows 10 machines, BitLocker theoretically provides solid protection for a Windows machine that’s lost or stolen.

However, any security feature is only as good as the entire system that surrounds it, and any weak link can present a vulnerability that renders it less than secure. For Windows 10, the weak link is that the operating system turns off BitLocker during Feature Updates, aka upgrades, creating a potential exploit, as the official Win-Fu blog reports.

According to Windows trainer and MVP Sami Laiho, the vulnerability stems from the ability to press SHIFT+F10 during the reimaging process performed as part of a Feature Update and open a command prompt. This gives the non-admin account that’s in use during the update access to the root SYSTEM folder and to all of the contents of the hard drive, which is not protected by BitLocker at that point.

A video on the Win-Fu Official Blog, "Every Windows 10 in place Upgrade is a SEVERE Security risk," provides an overview of the process.

According to The Register, security experts further maintain that anyone with physical access to the machine could exploit the bug to access the BitLocker encryption keys. Fortunately, Microsoft is working on fixing the bug, which affects all relevant versions of Windows 10 including the production versions 1511 (November Update) and 1607 (Anniversary Update), as well as newer Windows Insider builds.

The bug does require physical access to the Windows 10 machine, but once that’s obtained, for example via theft or by an internal employee, the bug allows admin access to the system once an upgrade is kicked off. Until Microsoft issues a fix, Laiho recommends disallowing unattended upgrades and using the Long-term Servicing Branch version of Windows 10. That’s not much help to non-enterprise Windows 10 users, however, and so maintaining physical control over a Windows 10 machine becomes that much more important.

Mark Coppock
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…