A serious security flaw discovered in Windows 10 allows non-administrative users to gain system-level access during upgrades of certain versions of the operating system.
The flaw was first discovered several months ago by white-hat Sami Laiho who held off on making the news public so that Microsoft could address the issue.
As Laiho describes:
“The installation of a new build is done by reimaging the machine and the image installed by a small version of Windows called Windows PE (Preinstallation Environment).”
“This has a feature for troubleshooting that allows you to press SHIFT+F10 to get a Command Prompt. This sadly allows for access to the hard disk as during the upgrade Microsoft disables BitLocker.”
There are currently no know fixes to the issue although Laiho does provide the following:
- Don’t allow unattended upgrades.
- Keep very tight watch on the Insiders (builds).
- Stick to LTSB version of Windows 10 for now.