Usually, when a troubleshooting feature is put in place, it is meant to assist the user in resolving an issue. However, one such feature in Windows 10 could ultimately lead to more problems, as it also can serve as a free-ride vulnerability for an opportunist bystander.
Security expert Sami Lailo discovered that if someone keys in Shift + F10 during a ‘Feature Update’ in Windows 10, they are able to access a Command Prompt window with Admin privileges. Compounding this with the fact that Microsoft updates disable BitLocker while they are in progress, means that someone could feasibly access the hard disk without the aid of any external device.
If that someone happened to be ill-intentioned, they could potentially wreak havoc through the command-line interface. Admittedly, the perpetrator would have to move quickly, but if they had come in with a plan and the foreknowledge of a Feature Update being implemented, they would have plenty of time to do what they had come to do.
Lailo reached out to Microsoft, and the company is now working to resolve this issue.
The current fix? Don’t leave an updating workstation unattended, despite the long periods of time updates can sometimes take.
Once Microsoft releases a patch, businesses and organizations will want to apply it. Keep in mind, any DatCom, LLC clients on our managed services will have the update applied once it is tested. Give us a call at (903) 842-2220 to learn more.