Every Windows 10 in-place Upgrade is a SEVERE Security risk >The real issue here is the Elevation of Privilege that takes a non-admin to SYSTEM (the root of Windows) even on a BitLocker (Microsoft's hard disk encryption) protected machine.
> There is a small but CRAZY bug in the way the "Feature Update" (previously known as "Upgrade") is installed. The installation of a new build is done by reimaging the machine and the image installed by a small version of Windows called Windows PE (Preinstallation Environment). This has a feature for troubleshooting that allows you to press SHIFT+F10 to get a Command Prompt. This sadly allows for access to the hard disk as during the upgrade Microsoft disables BitLocker. I demonstrate this in the following video. This would take place when you take the following update paths:
>Windows 10 RTM --> 1511 or 1607 release (November Update or Anniversary Update) >Any build to a newer Insider Build (up to end of October 2016 at least)
Hourly reminder that if you want a secure system stay the fuck away from microshit products
So a vulnerability only accessible with physical access during a system upgrade. So not a real one then, neat.
Aiden James
Quality damage control. Do you even get paid for these low energy shilling?
Cameron Phillips
This has always been true with any major updates, including the old Service Packs. The OS needs to suspend whatever FDE software you're using, whether it be Bitlocker or something else.
I can't believe people are this retarded.
Colton Hill
>This has a feature for troubleshooting that allows you to press SHIFT+F10 to get a Command Prompt If someone has physical access to your computer it's not your computer anymore.
Asher Ward
So if a stranger sits in front of an office computer we'll start thinking the computer is gone, right?
Fuck off
Angel Myers
If you need physical access to a machine the actual risk is drastically reduced.
At that point you should have the access to the machine's password (for support) or are at their home and can break their legs for the password anyways.
Parker Young
>physical access
Gabriel Jones
See
Elijah Sanders
Typical lincux, acting like any non-issue is the end of windows.
Christian Moore
Ah buttmad wincuckold controlling damage so hard
Jeremiah Collins
I'm somewhat less worried about someone physically accessing my computer when I'm doing an update than... well more or less anything else I can think of.
Christian Reed
There is no damage to be controlled. Now catch your breath and get back to compiling your guh-noam packages autismotron.
Jordan Diaz
Actually yes. Never leave your computer alone. If somebody breaks into your home and you won't come back in 5 minutes, then it is the same as if someone stole your computer. Physical access means getting rekt the easy way.
Ian Davis
lel are you having a stroke LMAO
Henry Nelson
>hurr durr take your office desktop with you to home :ddd
Wyatt Torres
They've been doing that for years.
Easton Ross
Small vulnerability is some Linux program or tool that gets patched within hours >this /v subreddit and DESIGNATED INDIAN SHILLING board goes nuts about it. Major vulnerability in Windows that won't be patched for years to come and grants full access to the system >full damage control
Wyatt Kelly
>Windows 10
Bentley Lopez
>disables BitLocker How can they even "disable" disk encryption on the fly like that?
Carter Price
masterkeys.
Juan Wright
>using anything other than Linux or macOS >using a video game OS for anything other than video games
Windows should just be a fresh install on a gaymen r1g with drivers needed to run your LED configurations. Who the fuck uses Windows 10 especially for personal use? Windows will never fix itself. There is no incentive for Microsoft to overhaul that piece of shit.
Logan Martinez
>that linux neck beard who shits on Sup Forums 24/7 and can't contain his butthurt
Charles Mitchell
Since Wincuck 10 randomly updates without user input, you just have to steal the machine and wait for it to inevitably install updates
Daniel Sanders
and what do you do with your now-stolen machine? you can't exactly silently reinstall it in the place you stole it from, all it's good for would be another computer for you to have, at which point why the fuck would you wait instead of just reinstalling windows on it?
Joseph Perez
> Who the fuck uses Windows 10 especially for personal use? Normies with a normal life, a normal family and a job.
Justin Sanders
well since this vuln opens bitlocker keys by default you could take what you want from the bitlocker volume and toss the fucking thing in a river.
Henry Morris
>Requires physical access Irrelevant.
Nolan Gutierrez
Wow, isn't it funny the way known security vulnerabilities directly scale with popularity. It's almost like nobody bothers to hack your linux desktop.
Bentley Bennett
DESIGNATED DAMAGE CONTROL
Sebastian Edwards
YEAH TOTALLY NOT IN SERVERS, EMBEDDED CHIPS AND SUPER COMPUTERS: PRETTY MUCH EVERYWHERE
Mason Mitchell
Oh, but when it's Linux we need to make 20 threads about it
Mason Carter
so many designated poojeets itt
Josiah Richardson
>Since Wincuck 10 randomly updates without user input
Your fault for not using LTSB.
Sebastian Smith
>steam OS >0% >android console >0% kek. That's sad to report it as 0%. I still wonder how much people would make the switch to linux if it had all their games
