Major Windows 10 Flaw Allows Subusers To Gain Administrator Privileges

The Windows operating system suffers from a major security vulnerability. A new leak in the OS allows attackers to bypass BitLocker encryption and gain administrator access to the device–a worrisome development for computer users, which may also affect IoT devices running Windows 10. Microsoft has released a patch since the flaw was discovered, but it shows that there is still a lot of work to be done.

Microsoft Patches Potential Killer Windows 10 Flaw

It is positive to see the technology giant take this type of feedback to heart and address problems as they arise. Sami Laiho, a Windows expert, discovered this vulnerability a few weeks ago. A local assailant could bypass the BitLocker encryption found in Windows 10 and completely take over the machine as a result.

This flaw is made possible due to the feature of updates rolled out as part of Windows 10. For example, the recent Anniversary Update proves to be quite a security risk. Every single update leads to the creation of an “image” and installs it without the Windows preinstallation environment. This process, however, is vulnerable to attack, and users can still access the command prompt during this stage by pressing “Shift” and “F10” at the same time.

Using said command prompt opens up a virtual can of worms, as attackers can access all files on the hard drive. In most cases, the details would be encrypted by BitLocker, but that is not the case when accessing them from this environment. Additionally, the command prompt is executed with full administrator rights, which is not positive news for any system admin.



Related Post

In the video posted by Laiho, he showcased replacing Windows shortcuts with the command prompt during the update process. Once that step was completed, he was able to gain access to a full admin access command prompt, despite only being a sub-user of the computer itself. All he had to do was press the “Shift” key five times to take advantage of this flaw.

Every time a new Windows 10 update is released, systems not installing the latest security updates will remain vulnerable to this type of attack. An alternative option would be for assailants to access the Insider program, although that is far more difficult. Although criminals do not shy away from challenges, there is no reason to make things more difficult than need be.

Thankfully, Microsoft patched this vulnerability through a security update. Users will still need to download this patch to ensure that their systems are safe, though. Remaining vigilant and limiting the access to the command prompt are two possible solutions. Then again, anyone with local access to the machine is capable of bypassing unpatched security precautions, regardless.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

TRX Price Prediction: Tron Network Fee Cut to Spark New ATH?

Back into Spotlight: Tron Network Fee Cut Could Push TRX to ATH, But This DeFi…

7 hours ago

Altcoin Alert: Crypto Market Cap Breaches Key Level Hinting at an 8000x Rally for this Shiba Inu Killer

Shiba Inu (SHIB) gave enormous returns in 2021, making many early holders millionaires. After the…

11 hours ago

XRP Crash? XRP Falls Below $0.5 Resistance Level as Next Gen Altcoin JetBolt Takes Over

Spooky season might be over but doom is still looming as Ripple’s XRP falls below…

14 hours ago

This New Exchange Token Is Poised for a Price Surge Alongside Cardano and Avalanche – Analysts Predict Huge Gains This November

Three promising altcoins are causing a stir among investors this November: Avalanche (AVAX), Cardano (ADA),…

15 hours ago

With Dogecoin Dipping and TRON Holding, Is Lunex the Hottest Crypto Now?  

Everyone knows what the hottest crypto can do. When it was so hot it was…

15 hours ago

Tron Fees To Be Cut In Half Through Proposal 95, Cutoshi Surpasses $600k As TRX Investors Join CUTO Presale

The Tron network has witnessed incredible growth in several areas, especially in its adoption, which…

16 hours ago