The latest version of the Microsoft OS has become once again a topic of discussion, and this time it may carry bad news for your company’s security. As the cybersecurity expert Sami Laiho revealed on his blog, every Windows 10 update poses a serious risk. Namely, while your system updates, anyone can take control of your corporate computers.
“This is a big issue and it has been there for a long time,” explains Laiho. This serious flaw comes into play when the OS restarts after installing a new update. Once the system is being updated, all you need to do to gain control of it is to push Shift-F10 to access the command prompt with admin level clearance.
In light of this, the dangers that your company faces are multifaceted. Indeed, any employee can take control of their computer as administrator, access confidential documents, or access the corporate network and create a serious problem from within the company itself.
Laiho points out that it is not necessary to use any specific software to carry out this cyberattack. Just that innocent combination of keys is enough to sow chaos. As if that wasn’t enough, the threat is not limited to those who have physical access to the computer: “An external threat having access to a computer waits for it to start an upgrade to get into the system,” explains Laiho.
Microsoft is apparently working to fix this serious flaw. Meanwhile, the most important thing to prevent threats is to rely on an adequate security solution, and not to postpone Windows 10’s tedious updates.
Forget about how long the update takes. Ideally you would authorize it immediately and stay with the computer at all times. This is the only way to be sure that no bystanders take the driver’s seat of your computer. It is obviously very important to explain this to employees.
In the meantime, we’ll have to trust that they will not commandeer the system themselves and wait for Microsoft to resolve this critical vulnerability.
The post The Dangers of the New Windows 10 Update System appeared first on Panda Security Mediacenter.