Major Windows 10 Flaw Allows Subusers To Gain Administrator Privileges

The Windows operating system suffers from a major security vulnerability. A new leak in the OS allows attackers to bypass BitLocker encryption and gain administrator access to the device–a worrisome development for computer users, which may also affect IoT devices running Windows 10. Microsoft has released a patch since the flaw was discovered, but it shows that there is still a lot of work to be done.

Microsoft Patches Potential Killer Windows 10 Flaw

It is positive to see the technology giant take this type of feedback to heart and address problems as they arise. Sami Laiho, a Windows expert, discovered this vulnerability a few weeks ago. A local assailant could bypass the BitLocker encryption found in Windows 10 and completely take over the machine as a result.

This flaw is made possible due to the feature of updates rolled out as part of Windows 10. For example, the recent Anniversary Update proves to be quite a security risk. Every single update leads to the creation of an “image” and installs it without the Windows preinstallation environment. This process, however, is vulnerable to attack, and users can still access the command prompt during this stage by pressing “Shift” and “F10” at the same time.

Using said command prompt opens up a virtual can of worms, as attackers can access all files on the hard drive. In most cases, the details would be encrypted by BitLocker, but that is not the case when accessing them from this environment. Additionally, the command prompt is executed with full administrator rights, which is not positive news for any system admin.



Related Post

In the video posted by Laiho, he showcased replacing Windows shortcuts with the command prompt during the update process. Once that step was completed, he was able to gain access to a full admin access command prompt, despite only being a sub-user of the computer itself. All he had to do was press the “Shift” key five times to take advantage of this flaw.

Every time a new Windows 10 update is released, systems not installing the latest security updates will remain vulnerable to this type of attack. An alternative option would be for assailants to access the Insider program, although that is far more difficult. Although criminals do not shy away from challenges, there is no reason to make things more difficult than need be.

Thankfully, Microsoft patched this vulnerability through a security update. Users will still need to download this patch to ensure that their systems are safe, though. Remaining vigilant and limiting the access to the command prompt are two possible solutions. Then again, anyone with local access to the machine is capable of bypassing unpatched security precautions, regardless.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Ethereum Down While Bitcoin, Solana, and JetBolt Skyrocket In End November 2024

Ethereum stumbles as Bitcoin surges past $97K, Solana eyes new highs, and JetBolt’s presale shakes…

2 hours ago

Top 5 Best Crypto Presales to Grab Now: Don’t Miss These December Week 1 Gems

The crypto market is a buzz with promising presales as 2024 draws the curtains. With…

3 hours ago

Cheems Surge On BSC Network: A Rising Star With Growing Market Value

The Cheems token on the Binance Smart Chain (BSC) is gaining significant momentum, surging by…

11 hours ago

Lester Token Crashes 40% Following Official Announcement

The value of $LESTER plummeted by 40% in the past 24 hours, leaving its market…

11 hours ago

From $30K To Millions: The Wild Journey Of $Quant And Xiaohaige’s Memecoin Stunts

In a bizarre turn of events, a young live-streamer known as Xiaohaige created the memecoin…

11 hours ago

Whale “convexcuck.eth” Makes Bold $CVX Move, Nets Significant Profit Amid Price Surge

The crypto whale known as "convexcuck.eth" has made waves in the DeFi world, spending $2…

11 hours ago