Yeah that and also how they handle the storage of encryption data I guess lol
That's my same thought. In order to get back into the patching mode after reboot TPM would have already activated the windows system, and if you're using FDE you would have had to authenticate the encryption system already.
As far as the part prior to reboot, the encryption would already be bypassed due to windows the system still running off the previously authenticated session.
1 Like
I would think with how MS handles users they should be able to patch this easily enough by making the moment you click restart on a update it also closes out of the current session and starts a new user account with limited and specialized permissions but that would take a level cleverness and intelligence I think MS corporate no longer possesses.
The in-place-upgrade is done by an ad hoc minimal system though, that can do BitLocker, but can it also do VeraCrypt? The system itself is not staying up through the process.
Yeah that's the whole part that intriguing me actually. I'm just assuming it's using the same session for the PE session but I've never had to dig into that so I really don't know. Logically it makes sense since it's still Windows and needs access to the drive. It doesn't use the C: drive in PE/PXE though it uses D: so I'm not sure how that's going to play out with our FDE solution, nor with veracrypt.
It's gonna be interesting.
Shift + F10 has been around forever. This is now only seen as issue because of the forced nature of the major release updates and that Bitlocker is now a thing. In theory the problem is there for 8.1 and probably 7, but no one ever used to do in place upgrades - which is what a Win 10 major update is, it's much more than a Service Pack.
Home edition has no Bitlocker - so the disks are already open, this 'bug' or feature requires full access to the device, so nothing changes.
Corporates will either be using SCCM to manage updates or will likely be using something other than Bitlocker for encryption, so won't see this as an issue - Shift + F10 can also be handy for their admins.
This is a problem for the smaller businesses that buy Win 10 Pro for their laptop users partly for stuff like Bitlocker. It now means that if an encrypted laptop is stolen it could be compromised. It also means that Microsoft could easily help the FBI in a way that Apple refused to do without engineering a backdoor...
Bitlocker should still be fine for protecting external drives or VHD files (although I'd bet there are still other ways in to it).
2 Likes
Yeah, it definitely felt familiar. I remember doing this in the past.
How do we know this isn't something the FBI requested? LoL.
It's been kinda clear now for a while that if you are going to use Windows for something serious there is only Enterprise ed in LTSB mode. Cough up the $$$.
LoL, agreed, it's almost like MS want you to pay out for SCCM so you can mange your own updates.
You guys have not read the full article I think, the problem is the limited ad hoc environment used by in-place-updates. ShiftF10 has been around in Windows since forever, everyone knows that you can get in an install with that, the thing is that the ad hoc upgrade environment apparently knows BitLocker, and bypasses it, so all your data are up for grabs, and it doesn't matter what system you used to time or distribute the upgrades, they will still be executed by the in-place-update ad hoc environment, and will still expose your BitLocker encrypted drive.
No, I understand it completely, but not everyone uses Bitlocker - many can't (Home edition users) and many others choose to use something else (many corporates).
Let's no forget that to use this exploit to circumvent Bitlocker you need to have physical access to the device and either wait for an update or somehow trigger an update. So that makes actually exploiting this flaw a lot more difficult. To be honest I am more concerned by the way that the Bitlocker passphrase caching works and how how Windows temporarily stores one of the keys used in plain-text(!) on the C: drive when it performs the unlock.
The security guys where I work have so far refused to sign off Bitlocker as the encryption solution for company laptops and I can see why.
Yeah it apparently doesn't work with Veracrypt, so it's not only a structural design problem but it also exposed a major BitLocker flaw (as if we didn't know BitLocker was just a scam) in that apparently it can be bypassed without credentials by something as ordinary as an upgrade package.
Physical access to the device will be the big problem though, because this mainly plays in a situation of physical access to a stolen, captured or impounded/seized laptop, whereby the capturers know exactly when to trigger the upgrade, namely when the network goes on.
It's a huge security threat, especially to those that need special protection exactly from this kind of crap.
They backported a lot of the telemetry etc to Win 8.1 / 7 a year ago... Updates to those OS will come bundled 1 time a month.
There is nothing to be scared about.
Agreed 100%. This is typical Microsoft though, what on the surface seems to be a workable solution with a stupid flaw...
Here's another example; SQL Server Transparent Database Encryption. What the picture shows is that I can't let a would be attacker get access to both my encrypted user database files or backups, and the master database file or it's backups.
Of course, by default nearly every SQL Server or Windows Admin will place the database backup files from the same server into the same backup set...
There have been plenty of examples of these kinds of flaws over the years by many software houses. It pisses me off that a company like Microsoft allows it to happen. The recent RHEL Linux in Azure update thing is another example, they just rushed to get something out there without proper analysis and testing of the product. Tsk.
Remember when the NSA keys were discovered in Windows in 1997? Microsoft genuinely didn't understand what was going on... and Gates just got richer and started a well-funded campaign to make the US educational system into a Microsoft software dependent braindead kindergarten.
Seriously, in comparison to people from open source projects, Microsoft people are "different" no? Like as if they were selected for their lesser skills, as if genius can't work at Microsoft...
LOL, true to a certain extent; I've got experience working with different parts of Microsoft going back at least 12 years when I (stupidly?) stepped away from my own little IT support business for a well paid job in a corporation. They do have genius' there, really, they have some world class talent tucked away. But there are is a lot of 'technical' people who are little more than pre-sales, and don't fully understand their products, they hate you asking too many questions. Keeping them at arms length from management who have already been sweetened up by the marketing team is difficult...
...if you dance with the Devil, and all that ;-)
Doh! Do I need to explain why that is the really dumb thing to do? You are basically sticking your head in the sand and hoping shit will just pass you by...
I designed a complete office ITC system with NEC and Cisco, and back then Windows NT was still really big in enterprise, so compatibility had to be ensured, but every piece of hardware - of course - was entirely linux-based, the cisco stuff, the PBX and SIP stuff, the secure document solutions... so it wasn't always simple because those were the days of deep OLE doodoo in MS-Office and unsafe macros everywhere and a lot of ad hoc solutions from compaq and hp and dell to make microsoft NT even work on a similar scalable level as *nix solutions, there was patch code everywhere because Microsoft didn't provide. The 2 people of Cisco did all the work for Microsoft next to all the work for Cisco, the 8 (!) people of Microsoft were pretty much completely useless, they didn't even know the most basic stuff.
Snapshot, triple check everything, never leave anything unattended... or just use one of many *nix solutions, so you can actually get your life back lol
@zoltan is refering to using a *nix based OS instead of Windows. Something like Fedora Linux for example. Linux is completely Open Source with a Copy Left licence - basically it is almost impossible for it to be subverted to become a tool against you. If you are concerned about your personal information and civil liberties learning how to use it properly will really help you safe-guard them.
If you decide that you can't live without Windows you could still run Linux and then install Windows into a Virtual Machine so that it is contained. Lot's of people here will help you to do that, it's a good compromise.
If you need to have Windows as your main OS then I recommend going with 10 but using utilities like ShutUp10 https://www.oo-software.com/en/shutup10 to limit or switch off some of the services. This is not a perfect approach, but is useful. You could also install Linux into a Virtual Machine with an encrypted drive and use that for work that is of a more sensitive nature. People here can help you do that too. Most Open Source software packages are also available for Windows, use them whenever possible to reduce the proprietary software you install. When the time comes that you are on a Linux OS all the tools you use are the same.
For Example: I have to use Windows on some of my machines, but I use Libre Office and Open Source encryption tools and utilities like Glass-wire to see what is passing through my NIC. A large chunk of that are Open Source programmes (even the MS one on the end) and the transistion to when I am in Linux is easy.
This is a screen-shot from my the machine I am on at the moment when it is booted into Win10:
Yep, sounds familar I made some good money for myself around 2000-2004 ripping out Win NT servers that small companies were using and setting them up with SuSE and Samba. The amount of shit going on dropped overnight for most of them as they had been using crappy email solutions that could easily be tricked into becoming Open Relays on their NT4 servers with non-existant or simple passwords... Win2K wasn't much better when it first appeared either.
These days Microsoft stuff for corporates can work very well, most have it heavily mixed in with Open Source and Oracle/IBM/SAP solutions as well. My opinion is that if you are a big player with lots of cash partnering with MS can work well for you, you have leverage, but you need so good technical people to make sure you get what you really require. For smaller players go and hire a couple/small team of shit-hot Linux/Open Source bods. Keep them happy and they will look after your systems really well.