A very serious error allows you to bypass the security of Windows 10 and access the entire system, including encrypted disks.
The image we have of a hacker is that of a person (preferably hooded) typing furiously while releasing technical jargon.
Reality sometimes fits with that idea, but many times it doesn’t. Programmers are human, after all; Thus,his creations have holes that they had not thought that nobody was going to take advantage of.
The critical moment when you can skip Windows 10 security
For example, the bug found by security expert Sami Laiho can be exploited by pressing only two keys.
That’s it, that way you have access to the entire system. Sure, certain conditions have to be met.
First of all, we start Windows Update, we let you download the update, and we restart.
As soon as the computer restarts, and the update process begins, we can press Shift + F10 and a console terminal will open.
This is what is known as the Command Prompt in Windows, and is normally not accessible if we do not have administrator rights. And for good reason, because this program offers us access to the entire system.
And when I say the whole system, it really is everything. Yes, even BitLocker-encrypted storage drives they are perfectly accessible using this method.
How can this bug be used
We can also open vital Windows programs, such as regedit, that allows us edit the record; hacking the system this way is relatively easy this way.
We just have to modify the registry and change files, so that when the update is complete we have full access to the system.
In the demonstration, the Laiho change the special key executable to the command prompt; In this way, once the update is finished, you can boot the terminal from the home screen and finish hacking the system.
How is it possible? It turns out that, in the process of updating the system,Windows has to make modifications to the files on the disks.
So you have to disable BitLocker encryption and access the units with administrator permissions.
Taking advantage of this vulnerability, an attacker would only have to wait for the computer to receive an update to enter it without problems.
Laiho says that he has already informed Microsoft of this problem and that the company is developing a patch; but there is no release date yet.