Windows 10 in-place upgrades are a severe security risk

Sounds like a case of &#x27;already behind the airtight hatch&#x27;. If you have administrative privileges to install an OS upgrade then you have administrative privileges to disable filesystem encryption.<p>On the other hand, if MS pushes the update to the PC and it self-launches or can be initiated by a non-administrator, then it seems like there is a real security problem here.

Is there not a presumption that with physical access to a machine it can be rooted if you try hard enough? I certainly make that presumption.<p>The number of Macs I&#x27;ve unlocked by creating a new admin by removing the &quot;install is finished&quot; file in single user mode is in the teens.

So, you leave your machine with BitLocker unlocked and unattended and people can gain admin privileges? I don&#x27;t see how anyone would expect their data to be secured by disk encryption of the machine isn&#x27;t powered down.<p>Or am I missing something?

Come join Linux my friends. My fedora hat wearing greybeards wait for you. Only operating system left that gives semblance of privacy and security.<p>And to those who think I am derailing... <a href="http:&#x2F;&#x2F;news.softpedia.com&#x2F;news&#x2F;microsoft-wants-all-linux-developers-to-move-to-windows-10-510551.shtml" rel="nofollow">http:&#x2F;&#x2F;news.softpedia.com&#x2F;news&#x2F;microsoft-wants-all-linux-dev...</a>

Anyone want to start a pool on how long it will take for an announcement that this also applies to Server 2016?

To really be considered white hat wouldn&#x27;t you have to wait until the fix is deployed?

All this and the comments assume Windows will let you upgrade at all. Google &quot;windows 10 upgrade something happened&quot; and then try to find the fix for that amazing piece of error reporting.<p>In my case it was either that the language pack was wrong: Eng UK not Eng US, neither of which actually have language pack installed... or it was the Win toobar&#x2F;menubar being docked to the left of the screen and not the bottom. One of these stopped the upgrade completely, repeatedly. The greatest security risk had to be getting stuck on an old version of Windows with no good info on how to fix a 2 year old bug in the upgrade process.

<a href="https:&#x2F;&#x2F;blogs.windows.com&#x2F;business&#x2F;2016&#x2F;11&#x2F;11&#x2F;defending-against-ransomware-with-windows-10-anniversary-update&#x2F;#j1k5ggD9MjFF4GzK.97" rel="nofollow">https:&#x2F;&#x2F;blogs.windows.com&#x2F;business&#x2F;2016&#x2F;11&#x2F;11&#x2F;defending-agai...</a><p>&gt; <i>Combined with other significant security advances, such as Credential Guard, Windows Hello and others, we’ve made Windows 10 Anniversary Update the most secure Windows ever.</i>

What&#x27;s the fix of it?<p>There must be an option to stop full automation of upgrade process or MS can just recommend disconnecting from network while upgrade is taking place.<p>MS does it for connivence I assume, so people aren&#x27;t promoted while upgrade is taking place. This is my presumption, I may be wrong.

&gt; Stick to LTSB version<p>Good advice in general for almost any software.

I don&#x27;t know whether this works in newer versions of Windows, but it was extremely simple to elevate your priveleges on almost any Windows 7 machine. I&#x27;ve done this dozens of times.<p>I haven&#x27;t used Windows for years now, so the details are a bit fuzzy, but it essentially worked like this:<p>Start the machine. During boot(when you see the orb splashscreen), turn off power or hold down the power button for a few seconds.<p>The next time you boot up the machine, windows will say it failed to boot and offer to go into startup repair. Do that, wait for some time, and click through until eventually you see a bug report that you can open up in notepad.<p>Once you are in notepad, open up the &quot;open file&quot; dialog. From there, navigate to &quot;C:\Windows\System32&quot; and replace &quot;sethc.exe&quot; with &quot;cmd.exe&quot;. Now, reboot normally.<p>Once you reach the login screen, spam left shift until you get a command prompt with admin privileges. Now, you can create new users, change the password and privileges of existing users, or even start up explorer.exe and use the computer normally as admin, bypassing the login screen entirely.<p>This works because &quot;sethc.exe&quot; is the executable responsible for Sticky Keys, which is activated by pressing shift repeatedly. Instead of sethc.exe, now cmd.exe would be run instead.

TL;DR When you do an in-place upgrade it does so in the SYSTEM authority. If you hit Shift+F10 during part of this process you get a Command Prompt running as SYSTEM. Then you can do some file system and registry changes to replace an accessibility feature exe with cmd and again run it under the SYSTEM authority pre-login and add your account to the Administrators group.

I&#x27;m disable windows update and windows background intelligent service . The most reason was windows keep re downloading broken update and cost a lot my broadband bandwidth. To secure my laptop, i only remove csript.exe and wscript.exe.