Hit Shift-F10 during Windows Update gives you CMD.exe which bypasses Bitlocker

CIGslip

A security researcher- Sami Laiho discovered a amazing thing on Windows Update process. He found that on your Windows Update, you press Shift + F10, then you can get Command Prompt which also bypasses Bitlocker. He write on your blog:

"There is a small but CRAZY bug in the way the "Feature Update" (previously known as "Upgrade") is installed. The installation of a new build is done by reimaging the machine and the image installed by a small version of Windows called Windows PE (Preinstallation Environment). This has a feature for troubleshooting that allows you to press SHIFT+F10 to get a Command Prompt. This sadly allows for access to the hard disk as during the upgrade Microsoft disables BitLocker."

The best worst things here is an normal use can escalate your privilege to SYSTEM although BitLocker enabled. The Windows version can been affected by this bug:

  • Windows 10 RTM –> 1511 or 1607 release (November Update or Anniversary Update)
  • Any build to a newer Insider Build (up to end of October 2016 at least)

Demonstrate

https://www.youtube.com/watch?v=PS5BzcP5R5o

Solutions for this bug:

  • Don’t allow unattended upgrades
  • Keep very tight watch on the Insiders
  • Stick to LTSB version of Windows 10 for now

Source: http://blog.win-fu.com/2016/11/every-windows-10-in-place-upgrade-is.html