Every Windows 10 in-place Upgrade is a SEVERE Security risk
>The real issue here is the Elevation of Privilege that takes a non-admin to SYSTEM (the root of Windows) even on a BitLocker (Microsoft's hard disk encryption) protected machine.
>
There is a small but CRAZY bug in the way the "Feature Update" (previously known as "Upgrade") is installed. The installation of a new build is done by reimaging the machine and the image installed by a small version of Windows called Windows PE (Preinstallation Environment). This has a feature for troubleshooting that allows you to press SHIFT+F10 to get a Command Prompt. This sadly allows for access to the hard disk as during the upgrade Microsoft disables BitLocker. I demonstrate this in the following video. This would take place when you take the following update paths:
>Windows 10 RTM --> 1511 or 1607 release (November Update or Anniversary Update)
>Any build to a newer Insider Build (up to end of October 2016 at least)
Hourly reminder that if you want a secure system stay the fuck away from microshit products
Source
http://blog.win-fu.com/2016/11/every-windows-10-in-place-upgrade-is.html
So a vulnerability only accessible with physical access during a system upgrade.
So not a real one then, neat.
>>58183246
Quality damage control. Do you even get paid for these low energy shilling?
>>58183206
This has always been true with any major updates, including the old Service Packs. The OS needs to suspend whatever FDE software you're using, whether it be Bitlocker or something else.
I can't believe people are this retarded.
>>58183206
>This has a feature for troubleshooting that allows you to press SHIFT+F10 to get a Command Prompt
If someone has physical access to your computer it's not your computer anymore.
>>58183277
So if a stranger sits in front of an office computer we'll start thinking the computer is gone, right?
Fuck off
>>58183273
If you need physical access to a machine the actual risk is drastically reduced.
At that point you should have the access to the machine's password (for support) or are at their home and can break their legs for the password anyways.
>>58183273
>physical access
Typical lincux, acting like any non-issue is the end of windows.
>>58183456
Ah buttmad wincuckold controlling damage so hard
I'm somewhat less worried about someone physically accessing my computer when I'm doing an update than... well more or less anything else I can think of.
>>58183479
There is no damage to be controlled. Now catch your breath and get back to compiling your guh-noam packages autismotron.
>>58183294
Actually yes. Never leave your computer alone. If somebody breaks into your home and you won't come back in 5 minutes, then it is the same as if someone stole your computer. Physical access means getting rekt the easy way.
>>58183542
lel are you having a stroke LMAO
>>58183547
>hurr durr take your office desktop with you to home :ddd
>>58183567
They've been doing that for years.
Small vulnerability is some Linux program or tool that gets patched within hours
>this /v subreddit and DESIGNATED INDIAN SHILLING board goes nuts about it.
Major vulnerability in Windows that won't be patched for years to come and grants full access to the system
>full damage control
>>58183206
>Windows 10
>disables BitLocker
How can they even "disable" disk encryption on the fly like that?
>>58183986
masterkeys.
>using anything other than Linux or macOS
>using a video game OS for anything other than video games
Windows should just be a fresh install on a gaymen r1g with drivers needed to run your LED configurations. Who the fuck uses Windows 10 especially for personal use? Windows will never fix itself. There is no incentive for Microsoft to overhaul that piece of shit.
>that linux neck beard who shits on /g/ 24/7 and can't contain his butthurt
>>58183327
Since Wincuck 10 randomly updates without user input, you just have to steal the machine and wait for it to inevitably install updates
>>58184162
and what do you do with your now-stolen machine? you can't exactly silently reinstall it in the place you stole it from, all it's good for would be another computer for you to have, at which point why the fuck would you wait instead of just reinstalling windows on it?
>>58184048
> Who the fuck uses Windows 10 especially for personal use?
Normies with a normal life, a normal family and a job.
>>58184214
well since this vuln opens bitlocker keys by default you could take what you want from the bitlocker volume and toss the fucking thing in a river.
>Requires physical access
Irrelevant.
Wow, isn't it funny the way known security vulnerabilities directly scale with popularity. It's almost like nobody bothers to hack your linux desktop.
>>58184673
>>58184797
DESIGNATED DAMAGE CONTROL
>>58184797
YEAH TOTALLY NOT IN SERVERS, EMBEDDED CHIPS AND SUPER COMPUTERS: PRETTY MUCH EVERYWHERE
>>58184673
Oh, but when it's Linux we need to make 20 threads about it
so many designated poojeets itt
>>58184162
>Since Wincuck 10 randomly updates without user input
Your fault for not using LTSB.
>>58184834
>steam OS
>0%
>android console
>0%
kek. That's sad to report it as 0%.
I still wonder how much people would make the switch to linux if it had all their games