
Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker (bleepingcomputer.com)

An anonymous reader quotes a report from BleepingComputer: Windows security expert and infrastructure trainer Sami Laiho says that by holding SHIFT + F10 while a Windows 10 computer is installing a new OS build, an attacker can open a command-line interface with SYSTEM privileges. This CLI debugging interface also grants the attacker full access to the computer's hard drive data, despite the presence of BitLocker. The CLI debugging interface is present when updating to new Windows 10 and Windows 10 Insiders builds. The most obvious exploitation scenario is when a user leaves his computer unattended during the update procedure. A malicious insider can open the CLI debugger and perform malicious operations under a root user, despite BitLocker's presence. But there are other scenarios where Laiho's SHIFT + F10 trick can come in handy. For example when police have seized computers from users who deployed BitLocker or when someone steals your laptop. Windows 10 defaults help police/thieves in this case because these defaults forcibly update computers, even if the user hasn't logged on for weeks or months. This CLI debugging interface grants the attacker full access to the computer's hard drive, despite the presence of BitLocker. The reason is that during the Windows 10 update procedure, the OS disables BitLocker while the Windows PE (Preinstallation Environment) installs a new image of the main Windows 10 operating system. "This [update procedure] has a feature for troubleshooting that allows you to press SHIFT + F10 to get a Command Prompt," Laiho writes on his blog. "The real issue here is the Elevation of Privilege that takes a non-admin to SYSTEM (the root of Windows) even on a BitLocker (Microsoft's hard disk encryption) protected machine." Laiho informed Microsoft of the issue and the company is apparently working on a fix.

  • by Anonymous Coward

    Someone tell this guy that launching any Windows install DVD in repair mode allows you to do such amazing things as replace the sticky keys executable with cmd.exe, allowing anybody with physical access to launch a command prompt from the login screen by pressing shift a couple times.

  • by Bruce66423 ( 1678196 ) on Tuesday November 29, 2016 @09:05PM (#53389631)

    Surely that's not good! Such behaviour is only justified if the software developer refuses to do anything about it

  • by Anonymous Coward on Tuesday November 29, 2016 @09:06PM (#53389635)

    Microsoft is finally backing away from their focus on privacy invasion in Win10 and going back to concentrate on their core competency, lack of security.

    I was really starting to get worried. Whew.

  • by Anonymous Coward

    At least from Windows 7 you could've opened that console from almost every phase of the setup. A new Dell laptop turning on for the first time can be "broken in" the same way. You can insert a backdoor and sysprep it back to the "first-run" state, if you wish so. It's all documented. (I know, physical access, etc.)

    It has now become a problem because Windows 10's "big updates" are basically running the full setup of a new system build while migrating the user data. This actually invokes the standard Windows

    • That is actually a feature. Linux has rescue disks too you know to troubleshoot dead systems

      • by Anonymous Coward

        Windows setup actually *is* a stripped-down version of Windows. And it has a recovery console by design, yeah.

        This problem translated to Linux land:

        When you upgrade from Debian 8 to 8.1 you get Debian's full setup running and you can press Alt-F2 to get a root console. The update was initiated automatically on a timer. While you have your HDD/SSD secured with cryptsetup the setup itself needs access, so it has to be unlocked. The console allows anyone to do anything if they catch the update running.

  • by Espectr0 ( 577637 ) on Tuesday November 29, 2016 @09:36PM (#53389767) Journal

    Shift-F10 has existed for lots of years now. Requires physical access. Windows build updates require to decrypt the drive.

    • by BitterOak ( 537666 ) on Tuesday November 29, 2016 @10:15PM (#53389997)

      Shift-F10 has existed for lots of years now. Requires physical access. Windows build updates require to decrypt the drive.

      "Requires physical access"???? The WHOLE POINT of hard disk encryption is to protect you in the event someone gains physical access to your computer! (Assuming you're not logged in at the time, of course!)

      • by Malc ( 1751 )

        How often do people walk away from their computers whilst it's updating and they're in an environment where somebody will come and physically compromise their machine? It sounds like a fairly remote possibility. Somebody might just as likely take a look inside your wallet if you leave that on your desk at work whilst you grab a coffee and use the information they find for identity theft. Yes there's a possibility of a serious exploit, but honestly, what's the likelihood of it being exploited? There ar

      • If you have bitlocker configured - with a tpm+pin - it requires a pin to boot the machine (to do the windows upgrade to do the shift + f10 trick), say you do boot it - you'll still need a login - with local admin to run the update. And guess what - if you have local admin you can just switch off the protectors inside the existing version of windows. Plus most well run enterprises aren't going to allow the machine to be patched in this manner.

        In other words - if your corporate security policies are even half

    • by Skuld-Chan ( 302449 ) on Wednesday November 30, 2016 @02:49AM (#53390829)

      Not to mention most corporations won't be upgrading machines without using management software. This is such a non story.

  • by Excelcia ( 906188 ) <kfitzner@excelcia.ca> on Tuesday November 29, 2016 @09:53PM (#53389857) Homepage Journal

    Is this really surprising? From the company that just made accepting every update they want to push mandatory? I didn't trust Microsoft before they did that, now it's just blatant in your face "we own your computer". The fact that anyone trusts BitLocker is what astounds me.

    Your Windows 10 friends are:
    1) Windows Update Mini Tool [wilderssecurity.com]. Gives you back control of your windows update experience.
    2) Windows updates details [live.com]. A spreadsheet maintained with every patch and what it does. Microsoft gets more and more evasive with their explanations of what their patches do, this is a good site for info. And, for heaven's sake, please please please get...
    3) VeraCrypt [codeplex.com]. Based on TrueCrypt 7.1, development was continued by the community. Security audits have been done on this code base and, while no non-trivial software can ever be proven completely safe, I trust this software far more than BitLocker (which I actively distrust).

    My Windows 7 laptop was safe from the whole Windows 10 upgrade debacle and the "we are going to upgrade your OS unless you happen to catch this message in time and say no" nagware because I carefully and meticulously have always gone over every windows update that goes on my computer. It was with literal astonishment that I learned that update is mandatory in Windows 10. I can't believe people stand for it. I've managed to work around it, but that was really the last straw for me. I have finally migrated mostly to Linux. I have used it for my servers and personal cloud services since the days of SLS but never really adopted for my desktop. I kept it for stuff I couldn't do in Windows. Now I've reversed that, using Linux for everything I can and only using Windows for gaming or software I absolutely can't do in Linux.

    • ...The fact that anyone trusts BitLocker is what astounds me.


      What astounds me is the ignorance over the attraction of using BitLocker in business, which is the inherent price tag; free.

      Trust has fuck-all to do with it when you can check off the "whole-disk encryption" requirement cheaply and move on, regardless of effectiveness.

      This is also sadly the reason we'll probably not see a fix for this anytime soon.

    • So, since you do not trust Microsoft... Why do you use Win7 at all?

    • by WallyL ( 4154209 )

      Windows 10 is what pushed me to Linux on the desktop as well. I game on my one Windows desktop, and run a free and non-spywared OS everywhere else now!

  • by Nkwe ( 604125 ) on Tuesday November 29, 2016 @09:59PM (#53389905)
    If you are doing BitLocker correctly, you have to type in a password every time you boot the computer. If you are doing it really right, that password is only a PIN used to unlock the actual encryption key stored in a Trusted Platform Module (hardware protected crypto storage device). This means that although a computer may update itself automatically if it gets powered up by an adversary, thus opening an opportunity for the diagnostic shell to have access to a temporarily disabled BitLocker, this could only happen if the adversary knows (or can coerce) the BitLocker password from you. While some may believe that there is a backdoor to BitLocker, this particular diagnostic window is not it because it should never be accessible by an adversary.
    • How many people didn't even read the summary, but have an expert analysis on why it's wrong?

    • You are wrong. I suggest reading Microsoft's documentation regarding "key protectors" if anything I say is confusing.

      The Windows updater runs as system, which means it can do anything an administrator can do.

      An administrator can suspend Bitlocker, which temporarily stores the volume encryption key in cleartext so that it will automatically mount.

      It is easily conceivable that Windows Update is preparing the updates, suspending Bitlocker, rebooting, completing the installation, and reenabling Bitlocker.
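
The two conditions argued over in this sub-thread, suspended protection and an OS volume with no pre-boot secret, can be checked from an elevated PowerShell prompt. This is an added example, not part of the original thread: `Get-BitLockerAuditFinding` is a hypothetical helper name, `Get-BitLockerVolume` is the BitLocker module's cmdlet, and the fallback volume object is constructed sample data.

```powershell
# Added example, not from the thread. Audits BitLocker state (run elevated on Windows).
function Get-BitLockerAuditFinding {
    param([Parameter(Mandatory)] [object[]] $Volume)

    # Protector types that demand something from the user before the OS boots.
    $preBoot = 'TpmPin', 'TpmPinStartupKey', 'TpmStartupKey', 'Password'

    foreach ($v in $Volume) {
        $types     = @($v.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
        $encrypted = [string]$v.VolumeStatus -ne 'FullyDecrypted'
        $notes     = @()

        # Encrypted data with ProtectionStatus Off: protection is suspended (or was
        # never turned on), so the volume mounts without any protector being presented.
        if ($encrypted -and [string]$v.ProtectionStatus -eq 'Off') {
            $notes += 'protection suspended or not enabled'
        }
        # OS volume that the TPM releases on its own: powering the machine on is
        # enough to reach a running, unlocked Windows.
        if ($encrypted -and [string]$v.VolumeType -eq 'OperatingSystem' -and
            -not ($types | Where-Object { $preBoot -contains $_ })) {
            $notes += 'no pre-boot PIN/password/startup key'
        }

        [pscustomobject]@{
            MountPoint = $v.MountPoint
            Protection = [string]$v.ProtectionStatus
            Protectors = $types -join ','
            Findings   = if ($notes) { $notes -join '; ' } else { 'none' }
        }
    }
}

# Live data when the BitLocker module is present, otherwise a constructed sample.
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    $volumes = Get-BitLockerVolume
} else {
    $volumes = @(
        [pscustomobject]@{   # constructed sample: TPM-only OS volume, suspended
            MountPoint = 'C:'; VolumeType = 'OperatingSystem'
            VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'Off'
            KeyProtector = @(
                [pscustomobject]@{ KeyProtectorType = 'Tpm' },
                [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' })
        }
    )
}
Get-BitLockerAuditFinding -Volume $volumes | Format-Table -AutoSize
```

On the constructed sample, both findings are reported for `C:`; a volume with a `TpmPin` protector and protection `On` reports `none`.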


      • by Nkwe ( 604125 )
        My point is that while an administrator or the system itself can remove or suspend BitLocker, the system has to be up and running for this to occur. If you are using BitLocker correctly, booting the system (getting it up and running) requires human interaction in the form of PIN or password entry. BitLocker (and hard drive encryption in general) does not protect running systems, it protects systems that are shut down and powered down. It may protect hibernated systems in certain cases, but I wouldn't count
  • by gweihir ( 88907 ) on Tuesday November 29, 2016 @10:40PM (#53390097)

    Because the article does not say and that would be the one critical piece of information. Seems to be more people that report without any understanding because otherwise that piece of information would have been in there. Now, getting SYSTEM, but BitLocker protected data is inaccessible is no big deal: Just boot a recovery CD to get the same. If, on the other hand, this allows really bypassing BitLocker (which protects data, _not_ the boot process) meaning access to encrypted data without the password, then BitLocker would have a big bad obvious backdoor. I somehow doubt that is the case.

    My money is on shoddy, sensationalist and utterly worthless reporting which has become so common these days.

  • You can get an administrative shell by booting from installer media and pressing Shift+F10 without ever kicking off an install or upgrade. I typically use this to run diskpart to create a VHD to try out new Windows Insider builds via multiboot without borking my primary OS installation.

    There is no security without physical security. Typing a Bitlocker key to unlock your drive before booting may be a PITA but it's worth it if you value your privacy.
  • but, how is this news? You can Shift + F10 to get a CLI using a Windows 10 install disk locally too (written, on Windows 10, at work).

  • by Computershack ( 1143409 ) on Wednesday November 30, 2016 @10:14AM (#53392259)
    Given that you have to have physical access to the machine to do this then this being an exploit is the least of your worries and your security failed long before the keyboard was touched.
  • It's been a publicised setup feature since at least Windows 2000, Windows XP and Windows Server 2003!

    Description of the Windows Setup Function Keys
    https://support.microsoft.com/... [microsoft.com]
