Users and system administrators of Microsoft Windows 10 should be very cautious about leaving systems unattended or exposed during Windows Feature Updates. Apparently, it only takes two fingers to hack the Operating System during these critical and vulnerable moments!
Sami Laiho, a software and network security expert, and reputed “Microsoft MVP”, discovered that by keying in Shift + F10 during a “Feature Update” (previously known as “Upgrade”), a user could access a Command Prompt window with total control over the machine. Making matters worse, current Microsoft updates disable BitLocker while in progress, giving that user complete access to all connected hard disks.
We don’t have to tell you that if that person had nefarious intentions, they would absolutely be able to manipulate the machine through the command-line interface. While this process would have to be completed quickly if a user were to take advantage of this vulnerability, it’s a vulnerability all the same and should be taken into consideration by your organization’s network security support when updating or patching Windows 10.
Laiho has been in contact with Microsoft, which is developing a resolution. Until then, stay vigilant in managing which users have access to a workstation anytime that “Feature update” is running. When Microsoft finishes their patch for this vulnerability, you will want to apply it immediately.
For more information about critical vulnerabilities, patch management, and overall workstation maintenance, call 724-473-3950 and talk with the IT experts at Managed IT Force.
About the author
Dan has 25 years of progressive experience in the IT industry. He has led three successful companies focused on small and medium business IT solutions since 1997.