Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

So, you leave your machine with BitLocker unlocked and unattended and people can gain admin privileges? I don't see how anyone would expect their data to be secured by disk encryption of the machine isn't powered down.

Or am I missing something?



I don't understand either (didn't watch video though).

Is the problem that the machine can be locked and still start the upgrade process, during which a non admin at the keyboard can rrad the disk?

That would be a pretty serious hole but would be easily fixable by only starting updates when unlocked.


Let's say you are a desktop admin updating 500 Windows 10 machines. Maybe some of these machines are terminals for customers. This bug is a significant attack vector to gain admin on those machines being updated.


Windows 10's updates can also start while the computer is locked though.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: