On Windows 10, there is a risk that you can avoid administrator privilege getting & encryption protection with "Shift + F10" key when updating

In Windows 10, the upgrade consists of two kinds of modules, "Servicing Update" which is a conventional update program and "Feature Upgrade" function with addition of function, but this "Feature Upgrade" is small but not "insane" It is pointed out that there are bugs pointed out by experts.

Win-Fu Official Blog: Every Windows 10 in-place upgrade is a SEVERE Security risk

Sami Laihos points out that when updating to Windows 10 and updating to a new build, pressing Shift + F10 will put it in the command prompt. In Windows 10 as OS data protection functionBitLockerHas been introduced, but with this method it is possible to access BitLocker and access internal storage.

Mr. Laihos is an official blog on Win-Fu, which shows the actual access success in video. First of all, in the state where BitLocker is on like this ...

The logon password is set.

Here, rebooting is done after installing the update.

Update in progress ......

In the meantime, Mr. Laihos is pushing shift + F10.

Then, the command prompt is started.

You can see the file list in the folder without problems.

Start Registry Editor. Although it seems to be carelessly forgotten, it does not start in the normal way, but has not yet entered the logon password.

I came up to the logon screen ... ...

You can also edit user etc. in "Computer Management".

According to Laihos, Microsoft is currently dealing with this problem.

in Security, Posted by logc_nt