locked
Windows 10 Upgrades and Shift F10 - why does MS still offer this? RRS feed

  • Question

  • The reason for this thread is to increase awareness for this security hole which is huge:

    When we do inplace upgrades like

    Win10 1511->1607 (redstone update) or

    win8.1->win10 or

    win7->win10

    there is an installation phase when anyone at the keyboard may press shift F10 to invoke a command shell running with system rights. If you take into consideration that WSUS might be used to push the win10 updates like redstone, this means that users that are in the office while this update occurs are invited to mess with the system or promote themselves to administrators.

    Why do you, Microsoft, give us Shift F10? Why can't we do without, I mean, every update problem can be solved without having a shell right when setup runs. This is a huge design flaw in my opinion since it even bypasses bitlocker.


    Wednesday, August 3, 2016 11:27 AM

Answers

  • The issue if finally fixed. The win10 creators' upgrade does no longer offer Shift F10 during the upgrade process.

    Of course that does not mean, the upgrade process may run unattended without dangers, since setup will still suspend bitlocker during the whole process. Just turn off that machine and take its drive... you have access to all the data.

    • Marked as answer by Ronald Schilf Friday, April 7, 2017 1:16 PM
    Friday, April 7, 2017 1:16 PM

All replies

  • Hi ,

    I totally understand your feeling. Yes, we will be able to gain access to a command prompt during GUI-mode Setup by press SHIFT+F10. It is designed for troubleshooting, copying drivers, starting and stopping services, starting tools such as Task Manager, or other for other needs. It is very useful to troubleshoot issues during setup process. Thanks for your understanding.

    Best Regards


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, August 4, 2016 8:08 AM
  • Hi Rick.

    You could read that I understand why it's there. I just don't understand why they risk so much for gaining so little. I have been administering windows and installing windows for over 15 years - did I ever need shift F10 to solve a problem? No.

    Thursday, August 4, 2016 8:40 AM
  • Hi Rick.

    You could read that I understand why it's there. I just don't understand why they risk so much for gaining so little. I have been administering windows and installing windows for over 15 years - did I ever need shift F10 to solve a problem? No.

    Same here - for over 20 years and have never used Shift + F10 to solve a problem

    It's about time that MS removed this security risk - or at least acknowledged that it exists !!

    Friday, August 5, 2016 2:48 PM
  • Hi,

    Yes, personally, I can understand your feeling. But, to be honest, I do not think this feature will be removed. There might be some other people still need this feature to troubleshoot. You could try the built-in "Feedback" tool to submit your suggestion on your side, hope it will get improved in the future.Thanks for understanding.

    Best regards

    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, August 11, 2016 1:27 PM
  • The issue if finally fixed. The win10 creators' upgrade does no longer offer Shift F10 during the upgrade process.

    Of course that does not mean, the upgrade process may run unattended without dangers, since setup will still suspend bitlocker during the whole process. Just turn off that machine and take its drive... you have access to all the data.

    • Marked as answer by Ronald Schilf Friday, April 7, 2017 1:16 PM
    Friday, April 7, 2017 1:16 PM