PC World had what I would describe as a bizarre encounter with Microsoft this week, when it asked about a new feature in Windows 10’s Anniversary Update.
The feature, known for now as “special token” logins, allows Windows 10 to stay logged in between reboots – particularly across major Windows 10 upgrades. Many have been dismayed at the need to log in to each user account after each and every major Windows update, and then wait for a second round of adaptation.
This is caused by the Windows 10 system having to migrate the user account after each upgrade, much as it does on a new Windows installation. It’s a far cry from the multi-hour delays of days gone by, but it is still a bit of a nuisance… especially if you have several users on one PC.
Why So Bizarreness?
The bizarreness was Microsoft posting an ominous note about the new Windows Update feature. The note urged people, if they use the feature, to enable BitLocker. When PC World asked why, Microsoft responded with the following quote:
“We have nothing to share.”
I’m sorry, but this is unacceptable of Microsoft. Windows 10 Home doesn’t even have BitLocker!! You can’t enable BitLocker on those systems even if you wanted to. And yeah, Windows 10 Home offers the same “feature” to users by default. PC World noted this in their rebuttal to Microsoft’s refusal to answer.
If you, as a company, urge people to take security actions, you have a duty to explain why. Microsoft is not explaining why. I suspect it is because these “special token” logins are completely insecure, and open the user to attack from someone – or something – capturing the tokens and using them later to log into the machine.
Nor is Microsoft providing any security guidance to Windows 10 Home users who lack BitLocker. They are admitting the feature is wholly insecure, and then telling them, effectively, that they have to upgrade to Windows 10 Pro and enable BitLocker to stay secure.
Worse, it’s not clear that BitLocker totally solves the problem. If the token can be captured, then one simply needs the machine to be in its decrypted state. Even a machine with BitLocker enabled can sit decrypted and not logged in, and a machine in that state could still be susceptible to attack from this vulnerability. Again, if it is a vulnerability – Microsoft certainly isn’t talking.
Unless and until Microsoft explains why you should enable BitLocker when using the make-updates-faster “special token” feature, and especially since BitLocker is not even available on most copies of Windows 10… I strongly advise all users of Windows 10 to make sure this feature is disabled, even if you use BitLocker.
How to disable the feature is also covered in the original PC World article.
Microsoft’s refusal to answer even basic questions about the security implications of this feature is troubling, to say the least. Troubling enough that no user should even consider turning this feature on. I implore Microsoft to do the right thing, and publish now a full security document explaining the implications of auto-token logins between reboots.
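As an added example (not from this post or the PC World article), the following PowerShell audits the two things the post cares about on a given machine: whether the automatic sign-in-after-restart feature is turned off, and whether the OS volume is actually protected by BitLocker. It assumes that the “special token” feature is the Winlogon automatic restart sign-on setting, which is controlled by the Winlogon Group Policy for signing in the last interactive user automatically after a restart and is backed by the `DisableAutomaticRestartSignOn` registry value under the Winlogon key; the helper function names are my own. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not Microsoft's or the original post's code.
# Assumption: the "special token" login feature is Winlogon automatic
# restart sign-on, disabled by DisableAutomaticRestartSignOn = 1 (DWORD).

$winlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$valueName   = 'DisableAutomaticRestartSignOn'

function Get-AutoRestartSignOnState {
    # Returns a short status string; a missing value means the default (enabled).
    $item = Get-ItemProperty -Path $winlogonKey -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item)            { return 'Enabled (value not set, default)' }
    if ($item.$valueName -eq 1)     { return 'Disabled' }
    return 'Enabled'
}

function Disable-AutoRestartSignOn {
    # Writes the same DWORD the Group Policy writes, turning the feature off.
    New-ItemProperty -Path $winlogonKey -Name $valueName -PropertyType DWord -Value 1 -Force | Out-Null
}

function Get-OsVolumeBitLockerState {
    # Get-BitLockerVolume ships only with editions that include BitLocker
    # (Pro/Enterprise/Education); on Home it is absent, which is the gap the post describes.
    if (-not (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue)) {
        return 'BitLocker cmdlets not available on this edition'
    }
    $os = Get-BitLockerVolume -MountPoint $env:SystemDrive
    # ProtectionStatus is On only when the volume is encrypted AND protectors are active.
    return "$($os.ProtectionStatus) (volume: $($os.VolumeStatus))"
}

Write-Host "Automatic restart sign-on : $(Get-AutoRestartSignOnState)"
Write-Host "BitLocker on $($env:SystemDrive)           : $(Get-OsVolumeBitLockerState)"

# To follow the post's advice and turn the feature off, uncomment:
# Disable-AutoRestartSignOn
```

Checking both together matters because of the point made above: BitLocker reporting `On` only helps while the volume is locked; once the machine has booted and the volume is unlocked, the sign-on setting is what determines whether a saved credential is used.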