Sami Laiho, a software and network security expert, and reputed ?Microsoft MVP?, discovered that by keying in Shift + F10 during a ?Feature Update? (previously known as ?Upgrade), a user could access a Command Prompt window with total control over the machine. Making matters worse, current Microsoft updates disable BitLocker while in progress, giving that user complete access to all connected hard disks.
We don?t have to tell you that if that person had nefarious intentions, they would absolutely be able to manipulate the machine through the command-line interface. While this process would have to be completed quickly if a user was to take advantage of this vulnerability, it’s a vulnerability all the same and should be taken into consideration by your organization’s network security support when updating or patching Windows 10.
Lailo has been in contact with Microsoft, which is developing a resolution. Until then, stay vigilant in the management of what users have access to a workstation anytime that ?Feature update? is running. When Microsoft finishes their patch for this vulnerability, you will want to immediately want to apply it.
For more information about critical vulnerabilities, patch management, and overall workstation maintenance, call (603) 889-0800 and talk with the IT experts at White Mountain IT Services.