Hackers can access Windows 10 Command Line Interface with root access as well as bypass BitLocker by pressing Shift + F10 during Windows 10 update
Next time, if you keep your Windows 10 PC/laptop unattended while it is updating, your PC/laptop can get hacked. Thanks to Microsoft’s very poor bug management, getting administrator privileges on a Windows 10 computer no longer requires complex tactics and malware. A potential hacker has to just press the Shift + F10 keys during the update process to gain full root access to a Windows 10 run computer.
Windows security expert Sami Laiho has discovered a simple method to gain root access to the Windows Command Line Interface and bypass BitLocker protection during the Windows 10 update procedure. Laiho says that by holding SHIFT + F10 while a Windows 10 computer is installing a new OS build, an attacker can open a command-line interface with SYSTEM privileges.
The problem with this bug is that the CLI debugging interface grants the hacker full access to the computer’s hard drive and total control of the PC/laptop. The bug is possibly a backdoor for kept open while testing the Windows 10 update by Microsoft Engineers, which they forgot to close. In the event of a Windows 10 update being installed, the OS disables BitLocker to facilitate Windows PE (Preinstallation Environment) to read/write the disk and install new image of the main Windows 10 operating system.
Many tech companies have such backdoors for their software products while testing updates, fixes, and patches. In most cases, the companies release the final product after closing such backdoors but Microsoft simply forgot to close this hack window which could lead to disastrous results.
Laiho says that he informed Microsoft of the issue and the company’s engineers are working on a fix. Now the problem for Microsoft engineers is to release a patch to close this backdoor for millions of Windows 10 users.
Laiho says he successfully brought up the CLI troubleshooting interface while his PC was updating from Windows 10 RTM to version 1511 (November Update) or version 1607 (Anniversary Update). His further research found that he could access the CLI during updates to any newer Windows 10 Insiders Build version, up to the end of October 2016.
Till the time Microsoft patches this Shift + F10 bug, Laiho recommends that users should not leave their computers unattended during a Windows 10 update. “The LTSB-version of Windows 10 is not affected by this as it doesn’t automatically do upgrades,” Laiho says.
Furthermore, Laiho says that Windows SCCM (System Center Configuration Manager) can block access to the command-line interface during update procedures if users add a file named DisableCMDRequest.tag to the %windir%\Setup\Scripts\ folder.