When someone asks you to troubleshoot a problem, it’s because there is something that is preventing their solutions from working properly, which they need them to do. In business, this happens all the time. This is why every business provides some semblance of support with their product or service. What happens, however, when the act of troubleshooting makes something worse. One security analyst came across this problem in an unlikely place: Microsoft’s newest desktop operating systems, Windows 10.
Sami Laiho, a software and network security expert, and reputed “Microsoft MVP”, discovered that by keying in Shift + F10 during a “Feature Update” (previously known as “Upgrade), a user could access a Command Prompt window with total control over the machine. Making matters worse, current Microsoft updates disable BitLocker while in progress, giving that user complete access to all connected hard disks.
We don’t have to tell you that if that person had nefarious intentions, they would absolutely be able to manipulate the machine through the command-line interface. While this process would have to be completed quickly if a user was to take advantage of this vulnerability, it’s a vulnerability all the same and should be taken into consideration by your organization’s network security support when updating or patching Windows 10.
Lailo has been in contact with Microsoft, which is developing a resolution. Until then, stay vigilant in the management of what users have access to a workstation anytime that “Feature update” is running. When Microsoft finishes their patch for this vulnerability, you will want to immediately want to apply it.
For more information about critical vulnerabilities, patch management, and overall workstation maintenance, call 407-830-1434 and talk with the IT experts at SemTech IT Solutions.