Just Pressing Shift+F10 During Windows 10 Update Makes Your PC Super Easy To Hack Don't leave your machines unattended during the update.

Just Pressing Shift+F10 During Windows 10 Update Makes Your PC Super Easy To Hack

Don't leave your machines unattended during the update.

shift-f10-hack-windows-10
Short Bytes: A security researcher named Sami Laiho has found a simple flaw in the Windows 10 update procedure that can let a hacker bypass BitLocker and access elevated Command Line. To do so, one needs to hold Shift+F10 during the update process. Laiho advises the users to avoid leaving their PCs unattended during the update process.
By taking the advantage of an underlying bug in the new build of Windows 10, an attacker can access an elevated Command Line interface in the Windows Preinstallation Environment by simply holding Shift+F10 during the update process.
As the Command Line interface grants the administrative privileges, the hacker can access the computer’s hard drive by automatically bypassing BitLocker encryption–a feature that’s supposed to add an extra layer of security to your personal files.. This is possible due to a troubleshooting feature that lets one press the key combination to open the interface.
Explaining the bug, in his blog post, security researcher Sami Laiho writes that when a new build is being deployed, BitLocker is suspended. Thus, the TPM and password checks are both bypassed.
This bug not only affects the PCs running insider builds of Windows 10, but also the systems updating from Windows 10 RTM version to November or Anniversary update.
This flaw has been present in Windows 7 and 8 versions as well, but it has come into the limelight after Windows 10 in-place upgrades.
Here, the real issue is the privilege escalation that takes a non-admin to system, even with BitLocker enabled. This becomes scary when an attacker just needs to wait for the next upgrade on an unattended machine.
To tackle this situation, there is a simple solution that tells you to don’t allow unattended upgrades and keep a close eye on your PC. Until a fix is offered, one can also choose to stick to LTSB version of Windows 10 for now.
You can read more about the flaw exploitation and watch its video on Laiho’s blog.

Comments

Post a Comment

Popular posts from this blog

Learn Programming For Free | Best Learning Resources

Image
Learn Programming For Free | Best Learning Resources Short Bytes:  Many universities have free educational offerings in a variety of disciplines. This can make it exceedingly easy to obtain a slightly more formal education in many fields than simply reading odds and ends online. Here are some universities and their websites where you can take full advantage of their generosity. T here are always some inherent difficulties to studying without the benefit of a mentor or formal teacher. It often boils down to the fact that you don’t know what you don’t know. That is to say, you are unaware of the materials that you should learn in order to progress in your study. Many websites to aim to help with this, but without a curriculum, it can be fairly difficult to make your way from point  A  to point  B , and even with a curriculum to follow, you still might have to hunt down some good examples and tutorials on the different components of that curriculum. Not very many people are aware
Read more

How To Enable/Disable Secure Boot In Windows 8, 8.1, And 10?

Image
How To Enable/Disable Secure Boot In Windows 8, 8.1, And 10? Short Bytes:  Windows 8 and later versions of Windows come with UEFI Firmware settings which allow a user to disable any external intervention via USB, external drive etc. This is called Secure Boot option in Windows 8 operating system. Disabling the secure boot option in the Windows 8, or later, can help you interfere externally with your Windows and install operating systems other than Windows. S ometimes, we want  two operating systems to run on our PCs- -Windows and Ubuntu, or Windows and Fedora. If the secure boot option is enabled on your computer, it might not allow booting two operating systems. So, you need to disable secure boot on your personal computer in order to do some external intervention in Windows. Secure Boot option is integrated with BIOS of your PC. So, in short, you need to restart your PC in the BIOS mode and change the secure boot option there. Here’s how to do it– What is the sec
Read more

How to Keep Your WhatsApp Data Safe With Google Drive and Encryption

Image
How to Keep Your WhatsApp Data Safe With Google Drive and Encryption Short Bytes:  To keep your WhatsApp data safe and encrypted,   WhatsApp has partnered with Google Drive. Take a look to know how to enable this lifesaver feature. L osing all the precious WhatsApp pictures and videos is something that a good friend of mine faced recently. There are some simple ways to  recover data from your external SD-card , but getting the same from your smartphone’s internal memory is a tough job. Now, WhatsApp has brought a lifesaver functionality in its instant messaging app by joining hands with Google to keep your WhatsApp data safe. Now, losing your WhatsApp pictures, chats, videos and videos are a thing of past due to the newly-introduced integration of Google Drive with WhatsApp. On its blog, Google announced a new partnership, that will let you create a private Google Drive backup of your chat history, voice messages, photos, and videos for the Android WhatsApp app. As
Read more