The Windows operating system suffers from a major security vulnerability. A new leak in the OS allows attackers to bypass BitLocker encryption and gain administrator access to the device–a worrisome development for computer users, which may also affect IoT devices running Windows 10. Microsoft has released a patch since the flaw was discovered, but it shows that there is still a lot of work to be done.
It is positive to see the technology giant take this type of feedback to heart and address problems as they arise. Sami Laiho, a Windows expert, discovered this vulnerability a few weeks ago. A local assailant could bypass the BitLocker encryption found in Windows 10 and completely take over the machine as a result.
This flaw is made possible due to the feature of updates rolled out as part of Windows 10. For example, the recent Anniversary Update proves to be quite a security risk. Every single update leads to the creation of an “image” and installs it without the Windows preinstallation environment. This process, however, is vulnerable to attack, and users can still access the command prompt during this stage by pressing “Shift” and “F10” at the same time.
Using said command prompt opens up a virtual can of worms, as attackers can access all files on the hard drive. In most cases, the details would be encrypted by BitLocker, but that is not the case when accessing them from this environment. Additionally, the command prompt is executed with full administrator rights, which is not positive news for any system admin.
In the video posted by Laiho, he showcased replacing Windows shortcuts with the command prompt during the update process. Once that step was completed, he was able to gain access to a full admin access command prompt, despite only being a sub-user of the computer itself. All he had to do was press the “Shift” key five times to take advantage of this flaw.
Every time a new Windows 10 update is released, systems not installing the latest security updates will remain vulnerable to this type of attack. An alternative option would be for assailants to access the Insider program, although that is far more difficult. Although criminals do not shy away from challenges, there is no reason to make things more difficult than need be.
Thankfully, Microsoft patched this vulnerability through a security update. Users will still need to download this patch to ensure that their systems are safe, though. Remaining vigilant and limiting the access to the command prompt are two possible solutions. Then again, anyone with local access to the machine is capable of bypassing unpatched security precautions, regardless.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.
Ethereum stumbles as Bitcoin surges past $97K, Solana eyes new highs, and JetBolt’s presale shakes…
The crypto market is a buzz with promising presales as 2024 draws the curtains. With…
The Cheems token on the Binance Smart Chain (BSC) is gaining significant momentum, surging by…
The value of $LESTER plummeted by 40% in the past 24 hours, leaving its market…
In a bizarre turn of events, a young live-streamer known as Xiaohaige created the memecoin…
The crypto whale known as "convexcuck.eth" has made waves in the DeFi world, spending $2…